UserID information

Reply
Highlighted
L4 Transporter

UserID information

Is there a way to pull the UserID information from the Palo alto logs concerning VPN users?

Highlighted
L7 Applicator

User ID is out there

running freely across the wind

turning,churning,yearning,learning..

 

sorry wrong post... ha ha..

 

Hi @jdprovine

 

have you enabled "User Identification" on the VPN zone or have i missed your point...

Highlighted
L4 Transporter

@MickBall

Yes userid is enabled on the VPN but some one else needs the information for another program that manages accounts

Highlighted
L7 Applicator

do they need traffic logs or connection logs...

 

if you filter traffic logs "from zone" = (your vpn zone) do you see the source users...

Highlighted
Cyber Elite

@jdprovine,

The command 'show user user-ids all' will display the active user-id mappings for the firewall, however will not be limited specifically to your VPN users. The command 'show global-protect-gateway current-user' and 'show global-protect-gateway previous-user' will display any users who reciently connected. All of these can be grabbed from the API. 

 

Hopfully that includes the information that they are looking for. 

Highlighted
L4 Transporter

@BPry

So that would allow the user administrator to pull the VPN userid information from the PA into another program he has

Highlighted
Cyber Elite

@jdprovine,

If you generated the API call and captured the results it really depends on the program that he's using if it will accept the firewalls output. My guess would be that it would be capable of doing so, but can't be sure. 

Highlighted
L4 Transporter

@BPry

I think it may be a home grown program unfortunately I don't know I will see if I can find out

Highlighted
Cyber Elite

@jdprovine,

That would actually be better; if it's something home grown they should be able to build a way to accept the XML output from the firewall easily enough. 

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!