Tips & Tricks: Scheduled predefined reports

Created On 09/25/18 19:03 PM - Last Modified 06/15/23 21:29 PM


Environment


  • Palo Alto Firewall / Panorama
  • Predefined Reports.


Resolution


PAN-OS includes a set of predefined reports that provide visibility into network traffic. These reports are scheduled and generated by default, which saves the administrator from configuring custom reports.
 
The Palo Alto Networks firewall and Panorama provide various predefined reports of traffic statistics for all previous days. You can find these at Monitor tab > Reports:
 
To view the reports, click the report names on the right (Custom Reports, Application Reports, Traffic Reports, Threat Reports, URL Filtering Reports, and PDF Summary Reports). Note that Custom Reports won't be listed if you haven't created any.
 
By default, all reports are displayed for the previous calendar day. To view reports for any of the previous days, select a report generation date from the drop-down list at the bottom-right of the page.
 
The reports are listed in sections. You can view the information in each report for the selected time period. To export the log in CSV format, click Export to CSV. To open the log information in PDF format, click Export to PDF.

 

For scheduled predefined and custom reports, report statistics are aggregated every 15 minutes and are forwarded to Panorama on an hourly basis.

 

Scheduled local reports (predefined and custom) are run at 2:02 a.m.

 

You can also use the CLI to get a report. The example below generates the top-rules report from the CLI:

 

> show report predefined name equal top-rules
<?xml version="1.0"?>
<report reportname="top-rules" logtype="trsum">
  <result name="Top security rules" logtype="trsum" start="2016/01/04 00:00:00" start-epoch="1451894400" end="2016/01/04 23:59:59" end-epoch="1451980799" generated-at="2016/01/05 01:52:49" generated-at-epoch="1451987569" range="Monday, January 04, 2016">
    <entry>
      <serial>007000001728</serial>
      <vsys>vsys1</vsys>
      <rule>Any Allow</rule>
      <bytes>1442722</bytes>
      <sessions>1335</sessions>
    </entry>
  </result>
</report>
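
The XML above can be post-processed off-box, for example to see how much of the day's traffic each security rule carried. The following Python is an added example, not part of the original article or any Palo Alto Networks tooling; the second entry ("DNS Out"), the trailing prompt, and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the first entry is from the article, the rest is invented.
SAMPLE_CLI_OUTPUT = """> show report predefined name equal top-rules
<?xml version="1.0"?>
<report reportname="top-rules" logtype="trsum">
  <result name="Top security rules" logtype="trsum" start-epoch="1451894400" end-epoch="1451980799">
    <entry><serial>007000001728</serial><vsys>vsys1</vsys><rule>Any Allow</rule><bytes>1442722</bytes><sessions>1335</sessions></entry>
    <entry><serial>007000001728</serial><vsys>vsys1</vsys><rule>DNS Out</rule><bytes>57278</bytes><sessions>665</sessions></entry>
  </result>
</report>
admin@fw> """

def parse_report(cli_text):
    """Parse pasted 'show report predefined' output into typed rows."""
    # Trim the echoed command, XML declaration and trailing prompt.
    start, end = cli_text.find("<report"), cli_text.rfind("</report>")
    if start == -1 or end < start:
        raise ValueError("no complete <report> element (output truncated?)")
    try:
        root = ET.fromstring(cli_text[start:end + len("</report>")])
    except ET.ParseError as exc:
        raise ValueError(f"malformed report XML: {exc}") from exc
    result = root.find("result")
    if result is None:
        raise ValueError("report has no <result> element")
    rows = []
    for entry in result.findall("entry"):
        row = {child.tag: (child.text or "").strip() for child in entry}
        for field in ("bytes", "sessions"):  # numeric columns in top-rules
            row[field] = int(row.get(field) or 0)
        rows.append(row)
    return {"name": root.get("reportname"), "rows": rows,
            "start_epoch": int(result.get("start-epoch")),
            "end_epoch": int(result.get("end-epoch"))}

def byte_share_by_rule(report):
    """Return [(vsys, rule, bytes, share_percent)], largest first."""
    totals = {}
    for row in report["rows"]:
        key = (row.get("vsys", ""), row.get("rule", ""))
        totals[key] = totals.get(key, 0) + row["bytes"]
    grand = sum(totals.values()) or 1  # avoid dividing by zero on empty reports
    ranked = sorted(totals.items(), key=lambda kv: kv[1], reverse=True)
    return [(v, r, b, round(100.0 * b / grand, 1)) for (v, r), b in ranked]

if __name__ == "__main__":
    for line in byte_share_by_rule(parse_report(SAMPLE_CLI_OUTPUT)):
        print(line)
```

A broad rule that carries nearly all of the bytes, as "Any Allow" does in the constructed sample, is a natural candidate for a rule review.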

 

Predefined reports can also be added to report groups just like custom reports under Monitor > PDF Reports > Report Groups. Select the predefined report on the left and click 'Add' as shown below:

 

Report Group

 

Predefined reports created on the firewall/Panorama can be modified under the Device tab > Setup > Management > Logging and Reporting Settings:

 

 

Sometimes, you might want to disable some of the predefined reports on your devices. Disabling some reports allows you to save on management plane (MP) CPU usage. Alternatively, you might have configured custom reports that contain the same data, so you can now remove the predefined report. Starting from PAN-OS 6.0, all reports (predefined reports, specific reports, or a group of reports) can be disabled.

 

Alternatively, you can use the CLI to disable specific reports or a set of predefined reports:

 

> configure
# set deviceconfig setting management disable-predefined-reports <name-of-report>
# commit

 

To get a full list of available predefined reports, press the Tab key after disable-predefined-reports in the CLI command above.

Alternatively, you can use the API to get the full list. Using the API, browse to:

 

https://x.x.x.x/php/rest/browse.php/report::predefined:

"SaaS Application Usage"         predefined-reports SaaS Application Usage
bandwidth-trend                  predefined-reports bandwidth-trend
risk-trend                       predefined-reports risk-trend
risky-users                      predefined-reports risky-users
spyware-infected-hosts           predefined-reports spyware-infected-hosts
threat-trend                     predefined-reports threat-trend
top-application-categories       predefined-reports top-application-categories
top-applications                 predefined-reports top-applications
top-attackers                    predefined-reports top-attackers
top-attackers-by-countries       predefined-reports top-attackers-by-countries
top-attacks                      predefined-reports top-attacks
top-blocked-url-categories       predefined-reports top-blocked-url-categories
top-blocked-url-user-behavior    predefined-reports top-blocked-url-user-behavior
top-blocked-url-users            predefined-reports top-blocked-url-users
top-blocked-websites             predefined-reports top-blocked-websites
top-connections                  predefined-reports top-connections
top-denied-applications          predefined-reports top-denied-applications
top-denied-destinations          predefined-reports top-denied-destinations
top-denied-sources               predefined-reports top-denied-sources
top-destination-countries        predefined-reports top-destination-countries
top-destinations                 predefined-reports top-destinations
top-egress-interfaces            predefined-reports top-egress-interfaces
top-egress-zones                 predefined-reports top-egress-zones
top-http-applications            predefined-reports top-http-applications
top-ingress-interfaces           predefined-reports top-ingress-interfaces
top-ingress-zones                predefined-reports top-ingress-zones
top-rules                        predefined-reports top-rules
top-source-countries             predefined-reports top-source-countries
top-sources                      predefined-reports top-sources
top-spyware-threats              predefined-reports top-spyware-threats
top-technology-categories        predefined-reports top-technology-categories
top-url-categories               predefined-reports top-url-categories
top-url-user-behavior            predefined-reports top-url-user-behavior
top-url-users                    predefined-reports top-url-users
top-users                        predefined-reports top-users
top-victims                      predefined-reports top-victims
top-victims-by-countries         predefined-reports top-victims-by-countries
top-viruses                      predefined-reports top-viruses
top-vulnerabilities              predefined-reports top-vulnerabilities
top-websites                     predefined-reports top-websites
unknown-tcp-connections          predefined-reports unknown-tcp-connections
unknown-udp-connections          predefined-reports unknown-udp-connections
wildfire-file-digests            predefined-reports wildfire-file-digests


Additional Information


Note: The reports are stored in the "pancfg" partition.

 

