Palo Alto Networks Knowledgebase: How to Determine the Earliest Date and Oldest Logs on the Palo Alto Networks Device

How to Determine the Earliest Date and Oldest Logs on the Palo Alto Networks Device

7384
Created On 02/07/19 23:51 PM - Last Updated 02/07/19 23:52 PM
Content Release Deployment
Resolution

Details

Log files are overwritten on the Palo Alto Networks device. To determine the earliest and latest dates in a log file, run the following commands on the CLI.

Use the show log command with the log name:

> show log ?


> appstat   Show appstat logs
> config    Show config logs
> data      Show threat logs
> system    Show system logs
> threat    Show threat logs
> thsum     Show trsum logs
> traffic   Show traffic logs
> trsum     Show trsum logs
> url       Show threat logs

 

The following example uses the trafic log:

show log traffic direction equal {forward|backward}

 

"Forward" takes you to the oldest logs while "backward" takes you to the latest logs.

> show log traffic direction equal forward

 

Time                App             From            Src Port   Source
Rule                Action          To              Dst Port   Destination
                    Src User        Dst User
===============================================================================
2009/11/05 05:28:42 syslog          corp-untrust    47723     10.1.7.2
DO NOT REMOVE- INBO allow           corp-trust      514       10.16.2.84
                                    paloaltonetwork\test
2009/11/05 05:28:43 syslog          corp-untrust    35633     10.1.7.2
DO NOT REMOVE- INBO allow           corp-trust      514       10.16.2.84

 

> show log traffic direction equal backward
Time                App             From            Src Port   Source
Rule                Action          To              Dst Port   Destination
                    Src User        Dst User
===============================================================================
2010/01/15 11:26:34 not-applicable  test-untrust    49103     82.250.95.31
rule48              deny            test-trust      40251     67.110.246.94

2010/01/15 11:26:33 not-applicable  test-untrust    63786     94.243.250.176
rule48              deny            test-trust      40251     67.110.246.94

 

To view the logs on the web GUI, go to the Monitor > Logs > Traffic page. The option to see per page in 'DESC' or 'ASC' is located at the left bottom of the view.

'DESC' shows the most recent logs at the top :

Oldest.png

'ASC' shows the oldest logs at the top:

newlog2.JPG

 

owner: panagent



Attachments
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClRJCA0&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Attachments
Choose Language