Username not displayed in traffic logs
41248
Created On 09/25/18 19:26 PM - Last Modified 03/22/24 20:25 PM
Symptom
When reviewing traffic logs (GUI: Monitor > Logs > Traffic), source user is not listed.
Environment
- Palo Alto Firewalls
- Supported PAN-OS versions
- User Identification
Cause
User Identification is not enabled on the source zone where users are initiating traffic
Resolution
- Go to GUI: Network > Zones > select the source Zone were users are located (should be a trusted zone).
- Verify users' subnets are included in the 'Trust Zone'.
- Make sure to check "Enable User Identification".
Additional Information
Few other reasons for username not displayed in traffic logs:
- The user subnet is excluded from being monitored in the source zone.
- Logging issues can prevent the username being displayed even when there is a correct ip-user mapping.
- When the ip-user mapping timeout is short, the mapping may get timed out.