How to generate comprehensive GlobalProtect VPN reports


L0 Member

Hi

 

I am trying to create a weekly comprehensive GP VPN Report

I want it grouped by users and sorted by activity time

 

For that I have created a custom report with ( eventid eq gateway-logout ) as query and "Last Calendar Week" as time frame

Now I am trying to set the sort and group-by BUT I cannot set the "generated-time" as sort and even worse the group-by selection is limited to 50 so the final report is limited to the first 50 users ... which is not close to the actual list of GP users

 

I would appreciate some help with this

 

Thx

4 REPLIES

Cyber Elite

Howdy

So, using the Device GlobalProtect Log, the choice to "sort by" and device generated is not available.


There is limited support in what the LiveCommunity would be able to do.

 

I am not sure what exact columns you are choosing, but I am messing with the different views and have over 500 hits in my report for when user logged in. You may be best to screen capture and upload the exact report, what columns you are using and we can try to find something that may work.  All trial and error. 

 

You may want to contact your PANW SE and open a FR ticket (Feature Request).

 

Good Luck.

Help the community: Like helpful comments and mark solutions

Hi Steve

 

Well, I have fiddled with this for a while... trying any other sort/group combination (yours above included ... BTW the "users" field doesn't return what one would expect but rather the user count attached to the activity which in the case of VPN is always 1) but none provides the requested format

 

The problem is there is a design limit of the group-by to maximum 50 (why??)

https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/monitoring/view-and-manage-reports/custom-...

 

So either I don't set the group-by at all

And get a "log" style report (not even sorted by time), export it as csv and use some other sw tool to sort/group and produce a readable PDF...

 

Or add the group-by source/user that shrinks the sort to a 500 records max and even more problematic the group (i.e. VPN users) to a maximum of 50... dumping/ignoring all the rest

The resultant limited report now still isn't sorted by time but at least it is grouped by users

Just to clarify:

The ungrouped report returns 2493 records (or a 41-page PDF)

The group-by report returns only 891 records (or a 15-page PDF)

 

In any case both reports are useless

Cyber Elite

@Admin4Ceva,

I would highly recommend forwarding these logs to something like Graylog or Splunk and building these sorts of reports there. The firewall's reporting capabilities leave quite a bit to be desired in this regard, where you won't have near the same limitations through something like Graylog.

L1 Bithead

Up until seeing this post, I thought I was just missing something.  I've been trying to get a useful scheduled report for months.  PDF is worthless.  The closest I've come is CSV, which gets emailed nightly.  Opening the attachment and sorting the data isn't too much of a hassle.  But it seems PA should be able to include sort by generate time in the options.
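The CSV route mentioned in the replies above can be scripted. The following is an added example, not part of the original thread and not Palo Alto Networks code: it groups an ungrouped CSV export by user with no 50-group cap and sorts each user's logout events by time. The column names, the timestamp format and the sample rows are assumptions constructed for illustration; match them to the header row of your own export.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime

# Assumed header names and time format; match them to your own CSV export.
TIME_COL, USER_COL, EVENT_COL = "Generate Time", "Source User", "Event ID"
TIME_FMT = "%Y/%m/%d %H:%M:%S"

# Constructed sample rows (not real log data).
SAMPLE_CSV = r"""Generate Time,Source User,Event ID,Public IP
2021/08/02 17:45:10,corp\alice,gateway-logout,198.51.100.7
2021/08/02 08:01:33,corp\alice,gateway-connected,198.51.100.7
2021/08/03 09:12:00,bob@corp.example,gateway-logout,203.0.113.20
2021/08/02 12:30:05,CORP\Alice,gateway-logout,198.51.100.7
not-a-date,carol,gateway-logout,192.0.2.4
"""

def normalize_user(name):
    # Fold DOMAIN\user and user@domain to one lowercase key per person.
    name = name.strip().lower().rsplit("\\", 1)[-1]
    return name.split("@", 1)[0]

def build_report(csv_file, event="gateway-logout"):
    # Returns ({user: [datetime, ...]}, skipped_row_count); no cap on group count.
    by_user, skipped = defaultdict(list), 0
    for row in csv.DictReader(csv_file):
        if (row.get(EVENT_COL) or "").strip() != event:
            continue
        try:
            stamp = datetime.strptime(row[TIME_COL].strip(), TIME_FMT)
            user = normalize_user(row[USER_COL])
        except (KeyError, ValueError, AttributeError):
            skipped += 1  # count unparseable rows instead of dropping them silently
            continue
        by_user[user].append(stamp)
    # Users alphabetical, each user's events in chronological order.
    return {u: sorted(by_user[u]) for u in sorted(by_user)}, skipped

def format_report(report):
    lines = []
    for user, stamps in report.items():
        lines.append(f"{user} ({len(stamps)} logouts)")
        lines.extend(f"  {s:%Y-%m-%d %H:%M:%S}" for s in stamps)
    return "\n".join(lines)

if __name__ == "__main__":
    report, skipped = build_report(io.StringIO(SAMPLE_CSV))
    print(format_report(report))
    print(f"rows skipped (bad timestamp or missing column): {skipped}")
```

To run it against a real export, pass an opened file (`open(path, newline="")`) to `build_report` instead of the sample string.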
