User-ID Statistics

L1 Bithead

We have a scenario where the Firewall controls the Internet access of users in the local network, and we control this access with URL profiles and security policies.
We identify the user session with the USER-ID Agent installed on Windows AD Servers.
I'd like to count how many users the Firewall identifies per day in the Internet access.

How can I get this kind of statistic?
Is there a way to extract this data from the PA?

 

Regards,
Marcelo Castro

Cyber Elite


@mmcastr wrote:

Is there a way to extract this data from the PA?


Yes, over the API, but you probably need to write a little script (or do it manually, but I would not recommend that) that pulls every hour or so the IP-User mappings from the firewall and creates a list with only the unique usernames.

 

Or with a custom report where you only add sourceuser and maybe sessions to the shown columns. This will generate a report that shows the sessions per user.

 

L7 Applicator

Edited...

 

if you are forwarding logs to syslog then...

 

cat paloalto.log|grep 'userdomain\\'|sed 's/.*userdomain\\//'|sed 's/ [0-9].*//'|sort|uniq|wc -l

 

if not, then API as per @vsys_remo.
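
A per-day variant of the syslog pipeline above, as an added example that is not part of the original posts: it counts distinct `userdomain\` names per calendar day and folds case so that one AD account is not counted twice. The names `users_per_day` and `sample_log` and the sample lines are constructed for illustration; it assumes each line starts with the standard syslog `Mon DD` timestamp and that the username ends at a comma or whitespace.

```shell
#!/bin/sh
# Added example: distinct User-ID names per day from forwarded firewall syslog.

# Constructed, simplified sample lines (not the full PAN-OS field layout).
sample_log() {
    cat <<'EOF'
Mar  3 08:15:02 fw01 1,TRAFFIC,10.0.0.5,userdomain\alice,web-browsing
Mar  3 09:40:11 fw01 1,TRAFFIC,10.0.0.5,USERDOMAIN\Alice,ssl
Mar  3 10:02:45 fw01 1,TRAFFIC,10.0.0.9,userdomain\bob,dns
Mar  3 10:05:00 fw01 1,TRAFFIC,10.0.0.77,,ntp
Mar  4 08:01:19 fw01 1,TRAFFIC,10.0.0.9,userdomain\bob,ssl
EOF
}

# Reads syslog lines on stdin; $1 = domain prefix (default "userdomain").
# Prints one "Mon DD count" line per day, in first-seen order.
users_per_day() {
    awk -v dom="${1:-userdomain}" '
    BEGIN { key = tolower(dom) "\\" }      # domain plus one literal backslash
    {
        line = tolower($0)                  # AD account names are case-insensitive
        p = index(line, key)                # first occurrence on the line
        if (p == 0) next                    # no mapped user on this line
        user = substr(line, p + length(key))
        sub(/[, \t].*/, "", user)           # name ends at comma or whitespace
        if (user == "") next
        day = $1 " " $2                     # syslog month and day-of-month
        if ((day, user) in seen) next       # already counted for this day
        seen[day, user] = 1
        if (!(day in count)) order[++n] = day
        count[day]++
    }
    END { for (i = 1; i <= n; i++) print order[i], count[order[i]] }
    '
}

sample_log | users_per_day
```

For a real file, feed it on stdin: `users_per_day < paloalto.log`.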

 

 

L1 Bithead


I did something like you suggested to get the data from logs.

 

Thanks for the tip.
