Palo Alto Networks Knowledgebase: Filtering Traffic Logs for Only Unidentified Users

Filtering Traffic Logs for Only Unidentified Users

4651
Created On 02/07/19 23:55 PM - Last Updated 02/07/19 23:56 PM
Reporting and Logging
Resolution

Overview

In Captive Portal scenarios, traffic flows through the Palo Alto Networks device for unidentified users. The traffic logs show an empty Source User for unidentified users:

 

No filter is available to view only the logs that have an empty Source User column.

 

Resolution

To view only the logs that empty or unidentified Source Users:

  1. On the Monitor > Logs > Traffic page, click the Add Filter button (green plus icon).
  2. Configure the filter with Attribute = Source User and Operator = is present:
    The filter gets added as (user.src neq '').
  3. Remove the 'n' from 'neq,' so that the filter appears as (user.src eq '').
  4. Click the Apply Filter button (green arrow) to activate the filter.
    9892_pastedImage_4.png

owner: kadak



Attachments
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClKJCA0&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Attachments
Choose Language