Error:
An unexpected error occurred. Please click Reload to try again.
Error:
An unexpected error occurred. Please click Reload to try again.
How to Determine the Earliest Date and Oldest Logs on the Palo ... - Knowledge Base - Palo Alto Networks

How to Determine the Earliest Date and Oldest Logs on the Palo Alto Networks Device

82591
Created On 09/25/18 18:51 PM - Last Modified 06/06/23 02:26 AM


Resolution


Details

Log files are overwritten on the Palo Alto Networks device. To determine the earliest and latest dates in a log file, run the following commands on the CLI.

Use the show log command with the log name:

> show log ?


> appstat   Show appstat logs
> config    Show config logs
> data      Show threat logs
> system    Show system logs
> threat    Show threat logs
> thsum     Show trsum logs
> traffic   Show traffic logs
> trsum     Show trsum logs
> url       Show threat logs

 

The following example uses the trafic log:

show log traffic direction equal {forward|backward}

 

"Forward" takes you to the oldest logs while "backward" takes you to the latest logs.

> show log traffic direction equal forward

 

Time                App             From            Src Port   Source
Rule                Action          To              Dst Port   Destination
                    Src User        Dst User
===============================================================================
2009/11/05 05:28:42 syslog          corp-untrust    47723     10.1.7.2
DO NOT REMOVE- INBO allow           corp-trust      514       10.16.2.84
                                    paloaltonetwork\test
2009/11/05 05:28:43 syslog          corp-untrust    35633     10.1.7.2
DO NOT REMOVE- INBO allow           corp-trust      514       10.16.2.84

 

> show log traffic direction equal backward
Time                App             From            Src Port   Source
Rule                Action          To              Dst Port   Destination
                    Src User        Dst User
===============================================================================
2010/01/15 11:26:34 not-applicable  test-untrust    49103     82.250.95.31
rule48              deny            test-trust      40251     67.110.246.94

2010/01/15 11:26:33 not-applicable  test-untrust    63786     94.243.250.176
rule48              deny            test-trust      40251     67.110.246.94

 

To view the logs on the web GUI, go to the Monitor > Logs > Traffic page. The option to see per page in 'DESC' or 'ASC' is located at the left bottom of the view.

'DESC' shows the most recent logs at the top :

Oldest.png

'ASC' shows the oldest logs at the top:

newlog2.JPG

 

owner: panagent



Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClRJCA0&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language