Decrypt log missing in list of logs


L1 Bithead

I spent several hours yesterday trying to get decryption working.  Everything kept coming back to being able to view the decryption log under Monitor>Logs>Decryption.  However, my Palos did not have a "Decryption" option under Logs, and I could not figure out why, and could not find any documentation to explain why I could not see that option on my firewalls.  Was it because I didn't have the right license? Was it a configuration setting somewhere that was not enabled?  Was it because decryption just wasn't working and so there were no log messages to display?

 

I'm putting this here so that hopefully if someone else has the same problem they don't waste hours like I did trying to figure out why this thing that all the documentation says you can just find at Monitor>Logs>Decryption was nowhere to be found. (So frustration...)

 

The problem for me came down to the fact that we use RADIUS for normal access to our Palos.  If I logged in with the local admin account, I was able to see the decryption log under the list of logs.  Now I need to find out if there is a way to have RADIUS-authenticated admins receive Admin-level access to the Palos so admins don't have to log in with the local admin account.


Cyber Elite

Hello @dsmall-pa

 

Thanks for the post.

 

Based on what you described, my first thought is that your RADIUS-authenticated account is bound to a custom role that does not have decryption logs enabled. Below is a sample:

 

[Screenshot: PavelK_0-1718147557558.png]

The decryption logs were introduced in PAN-OS 10.0 (here is the reference: Verify Decryption), and it is possible that whoever created a custom role in an earlier version of PAN-OS, prior to 10.0, enabled access to the log options available at that time. After decryption logs were introduced, this log option comes automatically as disabled; therefore it is not available to your RADIUS account.

 

I would recommend reviewing the settings for the custom role, if one is indeed being used.

 

Kind Regards

Pavel  
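
An added example, not part of the original thread and not Palo Alto Networks code: a small audit that reads an exported configuration and lists every custom admin role whose Monitor > Logs permissions leave a log type disabled or absent, which is the situation described in the reply above. The XML layout (`admin-role/entry/role/device/webui/monitor/logs/<log-type>`), the `enable`/`disable` values, the role names and the list of expected log types are assumptions; compare them with your own export before relying on the result.

```python
import xml.etree.ElementTree as ET

# Constructed sample modeled on an exported configuration. Element names,
# values and role names are assumptions, not taken from the thread.
SAMPLE_CONFIG = """<config><shared><admin-role>
  <entry name="radius-admins"><role><device><webui><monitor><logs>
    <traffic>enable</traffic><threat>enable</threat><url>enable</url>
    <decryption>disable</decryption>
  </logs></monitor></webui></device></role></entry>
  <entry name="full-custom"><role><device><webui><monitor><logs>
    <traffic>enable</traffic><threat>enable</threat><url>enable</url>
    <decryption>enable</decryption>
  </logs></monitor></webui></device></role></entry>
  <entry name="legacy-role"><role><device><webui><monitor><logs>
    <traffic>enable</traffic><threat>enable</threat><url>enable</url>
  </logs></monitor></webui></device></role></entry>
</admin-role></shared></config>"""

# Log types an administrator role is expected to see (assumed list; extend it
# to match the log types your PAN-OS version offers).
EXPECTED_LOGS = ("traffic", "threat", "url", "decryption")
LOGS_PATH = "role/device/webui/monitor/logs"


def audit_roles(config_xml, expected=EXPECTED_LOGS):
    """Return {role: {log_type: state}} for each log type not set to 'enable'.

    A log type with no element at all is reported as 'missing', which covers
    roles that were created before that log type existed.
    """
    root = ET.fromstring(config_xml)
    findings = {}
    for entry in root.findall(".//admin-role/entry"):
        logs = entry.find(LOGS_PATH)
        if logs is None:
            continue  # role carries no web UI log permissions to check
        states = {child.tag: (child.text or "").strip() for child in logs}
        gaps = {name: states.get(name, "missing")
                for name in expected if states.get(name) != "enable"}
        if gaps:
            findings[entry.get("name")] = gaps
    return findings


if __name__ == "__main__":
    for role, gaps in audit_roles(SAMPLE_CONFIG).items():
        for log_type, state in gaps.items():
            print(f"{role}: {log_type} log is {state}")
```

Running the same check after each PAN-OS upgrade shows which custom roles need a new log type switched on before administrators go looking for it.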
