How to Determine the Earliest Date and Oldest Logs on the Palo Alto Networks Device
Resolution
Details
Log files are overwritten on the Palo Alto Networks device. To determine the earliest and latest dates in a log file, run the following commands on the CLI.
Use the show log command with the log name:
> show log ?
> appstat Show appstat logs
> config Show config logs
> data Show threat logs
> system Show system logs
> threat Show threat logs
> thsum Show trsum logs
> traffic Show traffic logs
> trsum Show trsum logs
> url Show threat logs
The following example uses the trafic log:
show log traffic direction equal {forward|backward}
"Forward" takes you to the oldest logs while "backward" takes you to the latest logs.
> show log traffic direction equal forward
Time App From Src Port Source
Rule Action To Dst Port Destination
Src User Dst User
===============================================================================
2009/11/05 05:28:42 syslog corp-untrust 47723 10.1.7.2
DO NOT REMOVE- INBO allow corp-trust 514 10.16.2.84
paloaltonetwork\test
2009/11/05 05:28:43 syslog corp-untrust 35633 10.1.7.2
DO NOT REMOVE- INBO allow corp-trust 514 10.16.2.84
> show log traffic direction equal backward
Time App From Src Port Source
Rule Action To Dst Port Destination
Src User Dst User
===============================================================================
2010/01/15 11:26:34 not-applicable test-untrust 49103 82.250.95.31
rule48 deny test-trust 40251 67.110.246.94
2010/01/15 11:26:33 not-applicable test-untrust 63786 94.243.250.176
rule48 deny test-trust 40251 67.110.246.94
To view the logs on the web GUI, go to the Monitor > Logs > Traffic page. The option to see per page in 'DESC' or 'ASC' is located at the left bottom of the view.
'DESC' shows the most recent logs at the top :
'ASC' shows the oldest logs at the top:
owner: panagent