General Articles
LIVEcommunity's General Articles area is home to how-to resources, technical documentation, and discussions with Accepted Solutions that turn into articles related to all Palo Alto Networks products.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.
About General Articles
LIVEcommunity's General Articles area is home to how-to resources, technical documentation, and discussions with Accepted Solutions that turn into articles related to all Palo Alto Networks products.
This Nominated Discussion Article is based on the post "How to view correlated logs on the FW ?" by @${userLoginName} and replied to by @kiwi, @OtakarKlier, @Terje_Lundbo    I currently have an environment with TP, GP, ADVURL and WF and sometimes I need to see the full info of a user instead of going to traffic and check some portion then go to URL filtering and find something "maybe" related and so on.   I keep getting results of using ACC but even there it is split in tabs, so I can check traffic but then I need to switch to threats to see some more.   Is there a way even via ACC to create a view that shows everything related to that traffic?   If you go to the detailed log view you'll get related logs for the same session at the bottom. Notice how this example shows the related url logs and threat logs (identified by the TYPE column) at the bottom for the selected traffic log:     In addition to that you can look at the Unified logs. This combines the Traffic, URL, and Threat logs into the same view. Then when you find the log you wish to drill down into, click the Magnifying glass icon.     You can control which logs are shown in Unified by clicking on the two down arrows to the left of the query field and choose your log types. To get reasonable quick responses I have been advised by TAC to limit the log types to maximum 3.     In addition to this, if you put a date and time then a great then feature, this will also speed things up.    ( receive_time geq '2023/10/06 00:00:00' ) will filter on any logs created after 12am on Oct 10.
View full article
  • 182 Posts
  • 257 Subscriptions
Customer Advisories

Your security posture is important to us. If you’re a Palo Alto Networks customer, be sure to login to see the latest critical announcements and updates in our Customer Advisories area.

Learn how to subscribe to and receive email notifications here.

Listen to PANCast

PANCast is a Palo Alto Networks podcast that provides actionable insights to customers, helping you maximize your investment while improving your cybersecurity posture.

Labels
Top Contributors
Top Liked Posts in LIVEcommunity Article
Top Liked Authors