Good evening, I am working on a project that requires the use of threat logs and traffic logs of an institution with which I am affiliated. Our security manager can provide me access to our threat logs via the Monitor tab in PAN-OS. However, we are experiencing difficulty finding the traffic logs I need. I am looking for specific traffic logs, including the following features described in Traffic Log Fields:

- Serial Number
- Type
- Threat/Content Type
- Generate Time
- Session ID
- Repeat Count
- Flags
- Action
- Bytes
- Bytes Sent, Bytes Received
- Packets, Packets Sent, Packets Received
- Start Time
- Elapsed Time
- Session End Reason
- Device Name

In conversations with the security manager, he says, "That article refers to what you can push to syslog... our LogRhythm system. Not what you can see on their logs. I am trying to see what else we can view." When I asked for clarification, he stated, "The document you cite is in regards to data sent to syslogs, not what is actually available via our log export on the traffic section of Monitor." He isn't sure how or where we can find the aforementioned data features I am looking for.

I have two questions:

1. Is there a relatively easy way for someone who has access to PAN-OS to download traffic log data containing those fields?
2. What is the difference between the logs in Monitor versus those in the syslog?
3. What data is available via log export from the web interface?
4. Can I include the fields in my list above that are missing from the logs he found in the web interface?

Thank you so much for your help. I am brand new to PAN-OS, and my coworker is doing me a favor by getting logs for me, so I want to be sure we can find them before I ask him to look again.
I am exporting a Custom Report to a CSV and want to make sure I don't miss any data.

Scenario 1: I want to include a full day's logs in one file for October 1, 2020. Would I set the start time to midnight and the end time to 11:59 PM, or would I put the end time to October 2, 2020, at midnight?

Scenario 2: I want all the data for the full 8 AM hour (starting at 8 AM and ending before 9 AM). Would I set the start time to 8 AM and the end time to 8:59 AM, or would I put the end time to 9 AM? Then, if I want the 9 AM hour, would I start it at 9 AM or 9:01 AM?

I hope this makes sense. I want to ensure I won't miss even one minute; basically, what I am asking is: are the start and end times inclusive or exclusive? Let me know if you need any clarification.

Thank you,
Michael
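Both posts above come down to the same practical question: does the CSV you get out of the Monitor tab actually contain the fields and the time window you asked for? The script below is an added example written for this thread, not PAN-OS code and not from either poster. It checks an export against the field list from the first post and reports where the exported rows sit relative to the requested window, which is the empirical way to settle the inclusive/exclusive question from the second post: export two adjacent windows (08:00-09:00 and 09:00-10:00), then see whether a row stamped exactly 09:00:00 shows up in both. The column names, the "YYYY/MM/DD HH:MM:SS" timestamp format and the sample rows are constructed assumptions; a real export's header may use different names (for example "Serial #"), so adjust REQUESTED_FIELDS or the header normalisation to match what your firewall actually writes.

```python
"""Check a traffic-log CSV export for requested fields and time-window coverage.

Added example for this thread, not PAN-OS code. Assumptions: the export is a
CSV whose first row is the column header, timestamps look like
"2020/10/01 08:00:00", and the rows below are constructed for illustration.
"""
import csv
import io
from datetime import datetime

TIME_FMT = "%Y/%m/%d %H:%M:%S"  # assumed timestamp format of the export

# Fields asked for in the first post above.
REQUESTED_FIELDS = [
    "Serial Number", "Type", "Threat/Content Type", "Generate Time", "Session ID",
    "Repeat Count", "Flags", "Action", "Bytes", "Bytes Sent", "Bytes Received",
    "Packets", "Packets Sent", "Packets Received", "Start Time", "Elapsed Time",
    "Session End Reason", "Device Name",
]

# Constructed header; deliberately lacks Flags and the Packets columns so the
# field check has something to report.
HEADER = ("Receive Time,Serial Number,Type,Threat/Content Type,Generate Time,"
          "Session ID,Repeat Count,Action,Bytes,Bytes Sent,Bytes Received,"
          "Start Time,Elapsed Time,Session End Reason,Device Name\n")

# Constructed 08:00-09:00 export that includes a row stamped exactly 09:00:00.
SAMPLE_EXPORT = HEADER + """\
2020/10/01 08:00:00,001234567890,TRAFFIC,end,2020/10/01 08:00:00,41001,1,allow,1500,900,600,2020/10/01 07:59:50,10,tcp-fin,fw-edge-01
2020/10/01 08:30:12,001234567890,TRAFFIC,end,2020/10/01 08:30:12,41002,1,allow,320,200,120,2020/10/01 08:29:58,14,tcp-rst-from-client,fw-edge-01
2020/10/01 08:59:59,001234567890,TRAFFIC,drop,2020/10/01 08:59:59,41003,1,deny,60,60,0,2020/10/01 08:59:59,0,policy-deny,fw-edge-01
2020/10/01 09:00:00,001234567890,TRAFFIC,end,2020/10/01 09:00:00,41004,1,allow,9800,4000,5800,2020/10/01 08:58:40,80,aged-out,fw-edge-01
"""

# Constructed 09:00-10:00 export; the 09:00:00 row appears here a second time.
SAMPLE_NEXT_EXPORT = HEADER + """\
2020/10/01 09:00:00,001234567890,TRAFFIC,end,2020/10/01 09:00:00,41004,1,allow,9800,4000,5800,2020/10/01 08:58:40,80,aged-out,fw-edge-01
2020/10/01 09:15:03,001234567890,TRAFFIC,end,2020/10/01 09:15:03,41005,1,allow,700,300,400,2020/10/01 09:14:50,13,tcp-fin,fw-edge-01
"""


def parse_export(text):
    """Return (header, rows) from CSV text; rows are dicts keyed by column name."""
    reader = csv.DictReader(io.StringIO(text))
    rows = list(reader)
    return list(reader.fieldnames), rows


def missing_fields(header, requested=REQUESTED_FIELDS):
    """Requested fields absent from the export header (case/space-insensitive)."""
    norm = lambda s: "".join(s.lower().split())
    present = {norm(h) for h in header}
    return [f for f in requested if norm(f) not in present]


def boundary_report(rows, start, end, time_col="Generate Time"):
    """Where the exported rows fall relative to the requested window.

    start/end are strings in TIME_FMT.  A non-zero at_end means the export
    treated the end time as inclusive, so that row will also land in the next
    window's export; a non-zero outside means the filter is not what you think.
    """
    lo, hi = (datetime.strptime(s, TIME_FMT) for s in (start, end))
    times = [datetime.strptime(r[time_col], TIME_FMT) for r in rows]
    return {
        "earliest": min(times).strftime(TIME_FMT),
        "latest": max(times).strftime(TIME_FMT),
        "at_start": sum(t == lo for t in times),
        "at_end": sum(t == hi for t in times),
        "outside": sum(t < lo or t > hi for t in times),
    }


def duplicates_between(rows_a, rows_b, key_cols=("Session ID", "Generate Time")):
    """Rows of rows_b already present in rows_a, keyed by session and timestamp."""
    keys_a = {tuple(r[c] for c in key_cols) for r in rows_a}
    return [r for r in rows_b if tuple(r[c] for c in key_cols) in keys_a]


if __name__ == "__main__":
    header, rows = parse_export(SAMPLE_EXPORT)
    _, next_rows = parse_export(SAMPLE_NEXT_EXPORT)
    print("missing fields:", missing_fields(header))
    print("08:00-09:00 window:",
          boundary_report(rows, "2020/10/01 08:00:00", "2020/10/01 09:00:00"))
    print("rows repeated in the next export:",
          [r["Session ID"] for r in duplicates_between(rows, next_rows)])
```

If at_end is non-zero and duplicates_between returns the same rows, the end time of the report is inclusive: either start the next window one second after the previous end, or keep the windows touching and de-duplicate on Session ID plus Generate Time after the fact. If at_end is zero and nothing is duplicated, the end is exclusive and touching windows (08:00-09:00, 09:00-10:00) lose nothing. The same header check tells you up front which of the requested fields the web-interface export simply does not carry, so you can ask for those separately rather than re-running the export.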