How to Enable Logging for Global Counters

How to Enable Logging for Global Counters

36417
Created On 09/25/18 17:42 PM - Last Modified 01/31/25 19:16 PM


Procedure


Details

This feature is helpful in identifying which packets are triggering a specific global counter. The first step would be to configure the packet filter to make sure the logging for the counter is enabled for specific traffic.

 

Set the packet filter using the following CLI commands:

> debug dataplane packet-diag set filter match source <source ip> destination <destination ip>

 

Note: Up to 4 filters can be set, it will take no more than 4.

 

To enable logging for global counters, use the following CLI command:

> debug dataplane packet-diag set log counter <counter name>

 

In order to match certain global counters for logging purposes, pre-parse match has to be enabled. Enable pre-parse using the following CLI command:

> debug dataplane packet-diag set filter pre-parse-match yes

 

From the WebGUI , pre-parse can be enabled by going to Monitor > Packet Capture:

Pre-parse1.JPG

 

Be careful while monitoring the counters that change at high frequency, because each change in the counter will trigger a log message.

 

To enable logging for global counters, run the following CLI command:

> debug dataplane packet-diag set log counter <counter name>

 

The additional information can be viewed in System logs:

Log counter.PNG

 

To disable the logging, run the following CLI command:

> debug dataplane packet-diag clear log counter <counter_name>

 

To stop all counters being monitored, use the following CLI command:

> debug dataplane packet-diag clear log counter all

 

owner: ssunku
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClIkCAK&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language