Error:
An unexpected error occurred. Please click Reload to try again.
Error:
An unexpected error occurred. Please click Reload to try again.
Username not displayed in traffic logs - Knowledge Base - Palo Alto Networks

Username not displayed in traffic logs

41248
Created On 09/25/18 19:26 PM - Last Modified 03/22/24 20:25 PM


Symptom


When reviewing traffic logs (GUI: Monitor > Logs > Traffic), source user is not listed.

Environment


  • Palo Alto Firewalls
  • Supported PAN-OS versions
  • User Identification


Cause


User Identification is not enabled on the source zone where users are initiating traffic

Resolution


  1. Go to GUI: Network > Zones > select the source Zone were users are located (should be a trusted zone).
  2. Verify users' subnets are included in the 'Trust Zone'.
  3. Make sure to check "Enable User Identification".

image.png



Additional Information


Few other reasons for username not displayed in traffic logs:
  • The user subnet is excluded from being monitored in the source zone.
  • Logging issues can prevent the username being displayed even when there is a correct ip-user mapping.
  • When the ip-user mapping timeout is short, the mapping may get timed out.


Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClYuCAK&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language