Palo Alto Networks Knowledgebase: Tips & Tricks: Scheduled predefined reports

Tips & Tricks: Scheduled predefined reports

2339
Created On 02/07/19 23:49 PM - Last Updated 02/07/19 23:50 PM
Resolution
PAN-OS has a set of helpful, predefined reports that allow traffic visibility in the network. The reports, scheduled and generated by default, save the administrator from configuring custom reports.
 
The Palo Alto Networks firewall and Panorama provide various predefined reports of traffic statistics for all previous days. You can find these at Monitor tab > Reports:
 
Predefined reports
 
To view the reports, click the report names on the right (Custom Reports, Application Reports, Traffic Reports, Threat Reports, URL Filtering Reports, and PDF Summary Reports). Note that Custom Reports won't be listed if you haven't created any.
 
Predefined reports
 
By default, all reports are displayed for the previous calendar day. To view reports for any of the previous days, select a report generation date from the select drop-down list at the bottom-right of the page.
 
Predefined reports
 
The reports are listed in sections. You can view the information in each report for the selected time period. To export the log in CSV format, click Export to CSV. To open the log information in PDF format, click Export to PDF.

 

For scheduled predefined and custom reports, report statistics are aggregated every 15 minutes and are forwarded to Panorama on an hourly basis.

 

Scheduled local reports (pre-defined and custom) are run at 2:02 a.m.

 

You can also use the CLI to get your report.  Below is an example that shows how to use the CLI to generate your report:

 

> show report predefined name equal top-rules
<?xml version="1.0"?>
<report reportname="top-rules" logtype="trsum">
  <result name="Top security rules" logtype="trsum" start="2016/01/04 00:00:00" start-epoch="1451894400" end="2016/01/04 23:59:59" end-epoch="1451980799" generated-at="2016/0
1/05 01:52:49" generated-at-epoch="1451987569" range="Monday, January 04, 2016">
    <entry>
      <serial>007000001728</serial>
      <vsys>vsys1</vsys>
      <rule>Any Allow</rule>
      <bytes>1442722</bytes>
      <sessions>1335</sessions>
    </entry>
  </result>
</report>

 

Predefined reports can also be added to report groups just like custom reports under Monitor > PDF Reports > Report Groups. Select the predefined report on the left and click 'Add' as shown below:

 

Report Group

 

Predefined reports created on the firewall/Panorama can be modified under the Device tab > Setup > Management > Logging and Reporting Settings:

 

Predefined reports

 

Sometimes, you might want to disable some of the predefined reports on your devices. Disabling some reports allows you to save on management plane (MP) CPU usage. Alternatively, you might have configured custom reports that contain the same data, so you can now remove the predefined report. Starting from PAN-OS 6.0, all reports (predefined reports, specific reports, or a group of reports) can be disabled.

 

Alternatively, you can use the CLI to disable specific reports or a set of predefined reports:

 

> configure
# set deviceconfig setting management disable-predefined-reports <name-of-report>
# commit

 

To get a full list of available predefined reports, press the tab key in the above CLI command.  

Alternatively, you can use the API to get the full list. Using the API, browse to:

 

https://x.x.x.x/php/rest/browse.php/report::predefined: 

 

"SaaS Application Usage"

predefined-reports SaaS Application Usage

bandwidth-trend                

predefined-reports bandwidth-trend

risk-trend                     

predefined-reports risk-trend

risky-users                    

predefined-reports risky-users

spyware-infected-hosts         

predefined-reports spyware-infected-hosts

threat-trend                   

predefined-reports threat-trend

top-application-categories     

predefined-reports top-application-categories

top-applications               

predefined-reports top-applications

top-attackers                  

predefined-reports top-attackers

top-attackers-by-countries     

predefined-reports top-attackers-by-countries

top-attacks                    

predefined-reports top-attacks

top-blocked-url-categories     

predefined-reports top-blocked-url-categories

top-blocked-url-user-behavior  

predefined-reports top-blocked-url-user-behavior

top-blocked-url-users          

predefined-reports top-blocked-url-users

top-blocked-websites           

predefined-reports top-blocked-websites

top-connections                

predefined-reports top-connections

top-denied-applications        

predefined-reports top-denied-applications

top-denied-destinations        

predefined-reports top-denied-destinations

top-denied-sources             

predefined-reports top-denied-sources

top-destination-countries      

predefined-reports top-destination-countries

top-destinations               

predefined-reports top-destinations

top-egress-interfaces          

predefined-reports top-egress-interfaces

top-egress-zones               

predefined-reports top-egress-zones

top-http-applications          

predefined-reports top-http-applications

top-ingress-interfaces         

predefined-reports top-ingress-interfaces

top-ingress-zones              

predefined-reports top-ingress-zones

top-rules                      

predefined-reports top-rules

top-source-countries           

predefined-reports top-source-countries

top-sources                    

predefined-reports top-sources

top-spyware-threats            

predefined-reports top-spyware-threats

top-technology-categories      

predefined-reports top-technology-categories

top-url-categories             

predefined-reports top-url-categories

top-url-user-behavior          

predefined-reports top-url-user-behavior

top-url-users                  

predefined-reports top-url-users

top-users                      

predefined-reports top-users

top-victims                    

predefined-reports top-victims

top-victims-by-countries       

predefined-reports top-victims-by-countries

top-viruses                    

predefined-reports top-viruses

top-vulnerabilities            

predefined-reports top-vulnerabilities

top-websites                   

predefined-reports top-websites

unknown-tcp-connections        

predefined-reports unknown-tcp-connections

unknown-udp-connections        

predefined-reports unknown-udp-connections

wildfire-file-digests          

predefined-reports wildfire-file-digests

 

 

As always, feel free to post feedback or comments below.

 

Please also 'Like' if this article has helped you in any way.

 

Thanks for reading,


Kim Wens



Attachments
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClTvCAK&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Attachments
Choose Language