Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

GlobalProtect Client Log Dump Format

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

GlobalProtect Client Log Dump Format

L0 Member

Hi,

I would like to parse and correlate multiple .log files from GP log dump.

Example log from PanGPS.log

 

(P5200-T7744)Debug(1916): 05/16/22 12:47:28:106 Send response to client for request hip-ack │
(P5200-T7744)Dump (11923): 05/16/22 12:47:28:106 Set m_bPreviousSwitchOffMsg to 0

 Do you know what are the types/meaning of the fields?

Thank you

1 REPLY 1

L1 Bithead

There is so much data here that it can be hard to define in a single post.  What I would start with is the first number (P5200-T7744). These are the Process Identification Numbers (PID) of the service and threads that are running. The number after that (1916) is the command being sent.

In the PanGPS file for example you can look up the command 25 to see newly started threads. 

(P16240-T48584)Debug( 25): 06/26/24 09:07:22:689 create thread 0x5dc720 with thread ID 45612
(P6668-T16780)Debug( 25): 06/28/24 14:06:22:680 create thread 0xb18 with thread ID 39684

If you search for the ID then next line that contains the number it should give you an idea of what the thread is doing. Some threads will give the name of the process, but in the example of the gateway being checked it will not provide a name.

(P16240-T45612)Debug( 449): 06/26/24 09:07:22:689 VpnProcMonitor thread starts

(P6668-T39684)Debug(5717): 06/28/24 14:06:22:696 getaddrinfo host.GetString() xxx.gpcloudservice.com

 

So searching for the string in the first parenthesis will provide you what occurred during the life cycle of the thread.  Be aware that some threads will remain active through out the logs and so some data will be missing due to log roll-over.  Hope that helps some.

  • 1531 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!