Neither the option for Packet Capture nor System Log is available under Monitor Tab

Created On 09/25/18 18:47 PM - Last Modified 06/16/23 20:14 PM


Resolution


Symptom

In a multiple virtual system (multi-vsys) environment, when viewing a specific virtual system context (for example, vsys1) on the Palo Alto Networks firewall, neither the Packet Capture option nor the System Log option is available under the Monitor tab.

Another possible scenario is an environment where multiple administrators (with role-based access) manage the firewall. If packet capture or system log (or both) is "disabled" in an admin role profile, the administrator associated with that profile will not see the packet capture option or the system log option (or both) under the Monitor tab.

User-added image

Note: Notice how neither the option for Packet Capture nor System Log is available.

Cause

Both options are visible only when the virtual system context is set to All, as shown below:

User-added image
 

Neither option is available on an individual virtual system (vsys) basis. They are available as a common global tool for all virtual systems, irrespective of the number of vsys configured on the Palo Alto Networks firewall.

In a scenario where packet capture or system log (or both) is disabled in an admin role profile, the administrator with whom the profile is associated will not be able to see the packet capture option or the system log option (or both) under the Monitor tab.

As an example, consider an admin role profile with the packet capture option disabled, as shown below:

packet capture 3.png

 

You also need to enable the "View PCAP Files" option, which is found under the Privacy section of the admin role profile. The packet capture option and the "View PCAP Files" option are correlated: both need to be selected for packet capture to work.

packet capture 5.png

View PCAP Files option under Privacy.

 

The admin role profile is associated with an administrator account:

packet capture 4.png

 

In this case, the admin role profile "test-role" is associated with the administrator account "testadmin". If testadmin successfully logs in to the Palo Alto Networks device and navigates to the Monitor tab, they will not be able to see the packet capture option.

 

owner: tshivkumar

 


