How to retrieve configuration logs via API call

How to retrieve configuration logs via API call

2760
Created On 06/12/20 02:18 AM - Last Modified 06/26/24 22:31 PM


Objective


How to retrieve configuration logs via API call. 

Environment


  • Palo Alto Firewalls
  • PANOS 8.1 and Later Versions
  • Configuration Logs
  • API

Procedure


  1. First obtain the authorization API key to be used in subsequent API commands
https://<FIREWALL_IP>/api/?type=keygen&user=<USERNAME>&password=<PASSWORD>
  1. Issue the API command for the timestamp of the configuration logs that are desired to start the job to display the jobid to be used in step (3) below:
https://<FIREWALL_IP>/api/?type=log&log-type=config&query=(receive_time geq '2020/05/26 17:00:00')&key=<API_KEY>
  • Use the actual Firewall Management IP for <FIREWALL_IP>;
  • API Key from step (1) for <API_KEY>;
  • Desired "receive_time" as the above is a example sample time.
  1. Issue the API command below substituting the jobid learned in step (2) above to retrieve and display the configuration log output from the job kicked off.  In this example the jobid = 252.
https://<FIREWALL_IP>/api/?type=log&action=get&job-id=252&key=<API_KEY>


Additional Information


Example:
  1. Authorization API key
https://<FIREWALL_IP>/api/?type=keygen&user=<USERNAME>&password=<PASSWORD>
(Sample output) 
<response status="success">
<result>
<key>
LUF3042987010WVNaGp6344628UFwbGhkMm30429870101276344628TNaS1MyYQ==
</key>
</result>
</response>
  1. API key used with the timestamp of the configuration logs that are desired to start the job to display the jobid to be used in step (3) below:
https://<FIREWALL_IP>/api/?type=log&log-type=config&query=(receive_time geq '2020/05/26 17:00:00')&key=<API_KEY>

OUTPUT: 
<response status="success" code="19">
<result>
<msg>
<line>query job enqueued with jobid 252</line>
</msg>
<job>252</job>
</result>
</response>
  1. API command used with the jobid learned in step (2) to retrieve and display the configuration log output from the job kicked off.  In this example the jobid = 252:
https://<FIREWALL_IP>/api/?type=log&action=get&job-id=252&key=<API_KEY>
 
OUTPUT: 
<response status="success">
<result>
<job>
<tenq>20:21:47</tenq>
<tdeq>20:21:47</tdeq>
<tlast>20:21:47</tlast>
<status>FIN</status>
<id>252</id>
</job>
--------(Output Omitted)..................
</result>
</response>


 
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g0000008UPpCAM&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail