This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Policy with "Log at Session Start" option - how to find it?

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Policy with "Log at Session Start" option - how to find it?

Go to solution
_slv_
L4 Transporter

‎07-22-2013 12:10 AM

Hello

I have about 100 polices on my device, some of them has "Log at Session Start" option enabled. Is it posisible to find it from the CLI ?

I have very little skills in CLI so please give me the whole CLI command.

I realised that my weekly reports are unusable because I have only data from last few days. How I can save some space on PA200 to get more logs than last 7 days?

With regards

SLawek

Labels:
0 Likes Likes
1 accepted solution

Accepted Solutions

Go to solution
emr_1
L5 Sessionator

‎07-22-2013 07:16 PM

Hello,

Please use following filter in security rule page (on GUI).

(log-start eq 'yes')


You can change log storage allocation under device tab > setup > management tab > logging and reporting settings

please click edit button on the right upper corner.


Regards,

View solution in original post

7 REPLIES 7

Go to solution
UhMayYeah
L5 Sessionator

‎07-22-2013 07:38 AM

Pre-requisite: Text-Editors like Notepad ++ or PSPad

Method:

Enable Logging for  CLI session from the Terminal Application eg Putty.


CLI Commands:

> set cli pager off

> set cli config-output-format set

> configure

# show rulebase security

Open  CLI session log and Find-All for the string "log-start yes"

Go to solution
ACieszkowski
L3 Networker
In response to UhMayYeah

‎07-22-2013 08:52 AM

Our you could just export whole configuration to XML file and search it.

Considering log size - look at what you are logging. Some chatty protocols (example: DNS) are not always worth logging, think about updates (adobe-update, ms-update) and so on.

Look into ACC, sorting by sessions, at applications. Search for those that you are willing to "sacrifice", disable logging for them.

Go to solution
emr_1
L5 Sessionator

‎07-22-2013 07:16 PM

Hello,

Please use following filter in security rule page (on GUI).

(log-start eq 'yes')


You can change log storage allocation under device tab > setup > management tab > logging and reporting settings

please click edit button on the right upper corner.


Regards,

Go to solution
_slv_
L4 Transporter
In response to UhMayYeah

‎07-23-2013 12:45 AM

Your solution is correct but EMR's solution is much simplier so points must go to EMR.

Thank you to all of you for your help.

With regards

SLawek

0 Likes Likes

Go to solution
ACieszkowski
L3 Networker
In response to emr_1

‎07-23-2013 01:03 AM

emr - Is there any guide for Security Rules filters?

0 Likes Likes

Go to solution
emr_1
L5 Sessionator
In response to ACieszkowski

‎07-23-2013 01:08 AM

I don't know there is any document related to this filter, but I found this filter from PaloAlto API browser and debug for web browser.

You can access to API browser by typing in https://<IP address for MGT>/api/

For debug, you can access to https://<IP address for MGT>/debug

Regards,

0 Likes Likes

Go to solution
mikand
L6 Presenter
In response to emr_1

‎07-23-2013 12:44 PM

I think you must be superadmin to gain access to the /debug page.

0 Likes Likes
  • 1 accepted solution
  • 6993 Views
  • 7 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks