Details
Log files are overwritten on the Palo Alto Networks device. To determine the earliest and latest dates in a log file, run the following commands on the CLI.
Use the show log command with the log name:
> show log ?
> appstat Show appstat logs
> config Show config logs
> data Show threat logs
> system Show system logs
> threat Show threat logs
> thsum Show trsum logs
> traffic Show traffic logs
> trsum Show trsum logs
> url Show threat logs
The following example uses the traffic log:
show log traffic direction equal {forward|backward}
"Forward" takes you to the oldest logs while "backward" takes you to the latest logs.
> show log traffic direction equal forward
Time App From Src Port Source
Rule Action To Dst Port Destination
Src User Dst User
===============================================================================
2009/11/05 05:28:42 syslog corp-untrust 47723 10.1.7.2
DO NOT REMOVE- INBO allow corp-trust 514 10.16.2.84
paloaltonetwork\test
2009/11/05 05:28:43 syslog corp-untrust 35633 10.1.7.2
DO NOT REMOVE- INBO allow corp-trust 514 10.16.2.84
> show log traffic direction equal backward
Time App From Src Port Source
Rule Action To Dst Port Destination
Src User Dst User
===============================================================================
2010/01/15 11:26:34 not-applicable test-untrust 49103 82.250.95.31
rule48 deny test-trust 40251 67.110.246.94
2010/01/15 11:26:33 not-applicable test-untrust 63786 94.243.250.176
rule48 deny test-trust 40251 67.110.246.94
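The oldest and newest timestamps bound how far back an investigation can reach on the device itself, so it helps to check a time of interest against them. The following is an added example, not Palo Alto Networks code: it assumes the output of the two commands above was saved as text, and the function names are hypothetical.

```python
import re
from datetime import datetime
# Constructed input: saved CLI output, rows copied from the examples on this page.
FORWARD = r"""
Time App From Src Port Source
Rule Action To Dst Port Destination
Src User Dst User
===============================================================================
2009/11/05 05:28:42 syslog corp-untrust 47723 10.1.7.2
DO NOT REMOVE- INBO allow corp-trust 514 10.16.2.84
paloaltonetwork\test
2009/11/05 05:28:43 syslog corp-untrust 35633 10.1.7.2
DO NOT REMOVE- INBO allow corp-trust 514 10.16.2.84
"""
BACKWARD = r"""
Time App From Src Port Source
Rule Action To Dst Port Destination
Src User Dst User
===============================================================================
2010/01/15 11:26:34 not-applicable test-untrust 49103 82.250.95.31
rule48 deny test-trust 40251 67.110.246.94
2010/01/15 11:26:33 not-applicable test-untrust 63786 94.243.250.176
rule48 deny test-trust 40251 67.110.246.94
"""

# Only the first line of each multi-line record begins with a timestamp.
TS = re.compile(r"^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2})\s")

def record_times(cli_text):
    """Timestamps of all records in one saved 'show log' output."""
    found = (TS.match(line.lstrip()) for line in cli_text.splitlines())
    return [datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S") for m in found if m]

def retention_window(forward_text, backward_text):
    """(oldest, newest) record time; raises if either output has no records."""
    old, new = record_times(forward_text), record_times(backward_text)
    if not old or not new:
        raise ValueError("no log records found in CLI output")
    return min(old), max(new)

def covers(forward_text, backward_text, when):
    """True if 'when' falls inside the window the device still holds."""
    oldest, newest = retention_window(forward_text, backward_text)
    return oldest <= when <= newest

if __name__ == "__main__":
    oldest, newest = retention_window(FORWARD, BACKWARD)
    print("oldest:", oldest, "newest:", newest, "span:", newest - oldest)
    print("2009-10-01 still on device:", covers(FORWARD, BACKWARD, datetime(2009, 10, 1)))
```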
To view the logs in the web GUI, go to the Monitor > Logs > Traffic page. The option to display each page in 'DESC' or 'ASC' order is located at the bottom left of the view.
'DESC' shows the most recent logs at the top:
'ASC' shows the oldest logs at the top:
owner: panagent