I am very new to the PAN-OS API so I am looking for some help retrieving the information I need. Below is a bit of background.

I have a few dozen servers and applications that I monitor and support. At the moment some of these apps allow us to look at usage metrics and some of them don't. The ones that do have some form of metrics do not necessarily monitor the same type of information. So even when we collect them we aren't comparing apples to apples.

What we are looking for here is a consistent method for comparing usage of our servers by capturing the last access date/time of each of the users on the system. Essentially being able to see which users are using an app frequently and which are using it rarely or perhaps never. This will allow us to make licensing and purchase decisions as well as clean up accounts that are not in use.

The information we are looking for we know is in the Panorama system in the form of traffic logs. We can do queries to find a user's last time they sent a request to the server in question. I am currently doing this by looping through all the users we have in our system by user ID and sending a query to the API like this:

'/api/?type=log&log-type=traffic&nlogs=1&query=' . urlencode('((srcuser eq "' . $user . '") and (addr.dst in ' . $ip . '))') . '&key=' . $key

This gives me the most recent log entry for the user. The issue is that I have to submit this query 870 times to update each user in just one system.

Is there instead a way to either pass the API a list of users that we want each of their most recent system access log, or to get only the unique user entries that have been logged in a certain time frame? Because if I just query the logs for the last 1000 log entries I am going to get the most recent 10-20 users and all their activity.

Is there a better way to request the information I am looking for that would be either fewer requests or more efficiently get the data I need? Any help would be much appreciated.
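One way to cut the request count, as an added example that is not part of the original post: query by destination only, then reduce the returned batch to one last-seen time per user on the client and list the users the batch did not cover, so only those need the per-user query. The response element names (`srcuser`, `receive_time`), the timestamp format, and the helper names are assumptions; the sample XML is constructed.

```python
import ipaddress
import xml.etree.ElementTree as ET
from datetime import datetime
from urllib.parse import urlencode

TIME_FORMAT = "%Y/%m/%d %H:%M:%S"  # assumed timestamp layout

# Constructed sample response; element names are assumptions.
SAMPLE_XML = """<response status="success"><result><log><logs count="4">
<entry><srcuser>alice</srcuser><receive_time>2024/03/02 09:15:00</receive_time></entry>
<entry><srcuser>bob</srcuser><receive_time>2024/03/01 17:40:10</receive_time></entry>
<entry><srcuser>Alice</srcuser><receive_time>2024/02/27 08:02:31</receive_time></entry>
<entry><receive_time>2024/02/26 11:00:00</receive_time></entry>
</logs></log></result></response>"""


def build_query(ip, key, nlogs=1000):
    """Build one request for all users reaching `ip` (hypothetical helper)."""
    ipaddress.ip_address(ip)  # raises ValueError, keeps junk out of the filter
    params = {"type": "log", "log-type": "traffic", "nlogs": nlogs,
              "query": f"(addr.dst in {ip})", "key": key}
    return "/api/?" + urlencode(params)


def last_seen(xml_text, known_users):
    """Return ({user: newest datetime}, [known users absent from the batch])."""
    latest = {}
    for entry in ET.fromstring(xml_text).iter("entry"):
        user = (entry.findtext("srcuser") or "").strip().lower()
        stamp = entry.findtext("receive_time")
        if not user or not stamp:
            continue  # entry without a user mapping or timestamp
        when = datetime.strptime(stamp, TIME_FORMAT)
        if user not in latest or when > latest[user]:
            latest[user] = when
    missing = sorted({u.lower() for u in known_users} - latest.keys())
    return latest, missing


if __name__ == "__main__":
    seen, missing = last_seen(SAMPLE_XML, ["alice", "bob", "carol"])
    for user, when in sorted(seen.items()):
        print(user, when.isoformat())
    print("still need a per-user query:", missing)
```

Users in the `missing` list either never reached the server or fell outside the `nlogs` window, so the original per-user query is still needed to tell those two cases apart.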