User-ID Statistics

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

User-ID Statistics

L1 Bithead

We have a cenario where the Firewall control the Internet access from users in the local network and we control these access with URL profiles and security policies.
We identify the user session with USER-ID Agent installed on Windows AD Servers.
I'd like to count how many users the Firewall identify per day in the Internet Access.

How can I get these kind of statistic?
Is there a way to extract this data from the PA?

 

Regards,
Marcelo Castro

3 REPLIES 3

L7 Applicator

@mmcastr wrote:

Is there a way to extract this data from the PA?


Yes, over the API, but you probably need to write a little script (or do it manually, but I would not recommend that) that pulls every hour or so the IP-User mappings from the firewall and creates a list with only the unique usernames.

 

Or with a custom report where you only add sourceuser and maybe sessions to the shown columns. This will generate a report that show the sessions per user.

 

L7 Applicator

Edited...

 

if you are forwarding logs to syslog then...

 

cat paloalto.log|grep 'userdomain\\'|sed 's/.*userdomain\\//'|sed 's/ [0-9].*//'|sort|uniq|wc-l

 

if not, then API as per @Remo.

 

 


I did something like you suggested to get the data from logs.

 

Thanks for the tip.

  • 3166 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!