Tips & Tricks: Scheduled predefined reports
Environment
- Palo Alto Firewall / Panorama
- Predefined Reports.
Resolution
For scheduled predefined and custom reports, report statistics are aggregated every 15 minutes and are forwarded to Panorama on an hourly basis.
Scheduled local reports (pre-defined and custom) are run at 2:02 a.m.
You can also use the CLI to get your report. Below is an example that shows how to use the CLI to generate your report:
> show report predefined name equal top-rules <?xml version="1.0"?> <report reportname="top-rules" logtype="trsum"> <result name="Top security rules" logtype="trsum" start="2016/01/04 00:00:00" start-epoch="1451894400" end="2016/01/04 23:59:59" end-epoch="1451980799" generated-at="2016/0 1/05 01:52:49" generated-at-epoch="1451987569" range="Monday, January 04, 2016"> <entry> <serial>007000001728</serial> <vsys>vsys1</vsys> <rule>Any Allow</rule> <bytes>1442722</bytes> <sessions>1335</sessions> </entry> </result> </report>
Predefined reports can also be added to report groups just like custom reports under Monitor > PDF Reports > Report Groups. Select the predefined report on the left and click 'Add' as shown below:
Predefined reports created on the firewall/Panorama can be modified under the Device tab > Setup > Management > Logging and Reporting Settings:
Sometimes, you might want to disable some of the predefined reports on your devices. Disabling some reports allows you to save on management plane (MP) CPU usage. Alternatively, you might have configured custom reports that contain the same data, so you can now remove the predefined report. Starting from PAN-OS 6.0, all reports (predefined reports, specific reports, or a group of reports) can be disabled.
Alternatively, you can use the CLI to disable specific reports or a set of predefined reports:
> configure # set deviceconfig setting management disable-predefined-reports <name-of-report> # commit
To get a full list of available predefined reports, press the tab key in the above CLI command.
Alternatively, you can use the API to get the full list. Using the API, browse to:
https://x.x.x.x/php/rest/browse.php/report::predefined:
"SaaS Application Usage" |
predefined-reports SaaS Application Usage |
bandwidth-trend |
predefined-reports bandwidth-trend |
risk-trend |
predefined-reports risk-trend |
risky-users |
predefined-reports risky-users |
spyware-infected-hosts |
predefined-reports spyware-infected-hosts |
threat-trend |
predefined-reports threat-trend |
top-application-categories |
predefined-reports top-application-categories |
top-applications |
predefined-reports top-applications |
top-attackers |
predefined-reports top-attackers |
top-attackers-by-countries |
predefined-reports top-attackers-by-countries |
top-attacks |
predefined-reports top-attacks |
top-blocked-url-categories |
predefined-reports top-blocked-url-categories |
top-blocked-url-user-behavior |
predefined-reports top-blocked-url-user-behavior |
top-blocked-url-users |
predefined-reports top-blocked-url-users |
top-blocked-websites |
predefined-reports top-blocked-websites |
top-connections |
predefined-reports top-connections |
top-denied-applications |
predefined-reports top-denied-applications |
top-denied-destinations |
predefined-reports top-denied-destinations |
top-denied-sources |
predefined-reports top-denied-sources |
top-destination-countries |
predefined-reports top-destination-countries |
top-destinations |
predefined-reports top-destinations |
top-egress-interfaces |
predefined-reports top-egress-interfaces |
top-egress-zones |
predefined-reports top-egress-zones |
top-http-applications |
predefined-reports top-http-applications |
top-ingress-interfaces |
predefined-reports top-ingress-interfaces |
top-ingress-zones |
predefined-reports top-ingress-zones |
top-rules |
predefined-reports top-rules |
top-source-countries |
predefined-reports top-source-countries |
top-sources |
predefined-reports top-sources |
top-spyware-threats |
predefined-reports top-spyware-threats |
top-technology-categories |
predefined-reports top-technology-categories |
top-url-categories |
predefined-reports top-url-categories |
top-url-user-behavior |
predefined-reports top-url-user-behavior |
top-url-users |
predefined-reports top-url-users |
top-users |
predefined-reports top-users |
top-victims |
predefined-reports top-victims |
top-victims-by-countries |
predefined-reports top-victims-by-countries |
top-viruses |
predefined-reports top-viruses |
top-vulnerabilities |
predefined-reports top-vulnerabilities |
top-websites |
predefined-reports top-websites |
unknown-tcp-connections |
predefined-reports unknown-tcp-connections |
unknown-udp-connections |
predefined-reports unknown-udp-connections |
wildfire-file-digests |
predefined-reports wildfire-file-digests |
Additional Information
Note: The reports are stored in "pancfg" partition.