Username not displayed in traffic logs

Username not displayed in traffic logs

36001
Created On 09/25/18 19:26 PM - Last Modified 03/22/24 20:25 PM


Symptom


When reviewing traffic logs (GUI: Monitor > Logs > Traffic), source user is not listed.

Environment


  • Palo Alto Firewalls
  • Supported PAN-OS versions
  • User Identification

Cause


User Identification is not enabled on the source zone where users are initiating traffic

Resolution


  1. Go to GUI: Network > Zones > select the source Zone were users are located (should be a trusted zone).
  2. Verify users' subnets are included in the 'Trust Zone'.
  3. Make sure to check "Enable User Identification".

image.png

Additional Information


Few other reasons for username not displayed in traffic logs:
  • The user subnet is excluded from being monitored in the source zone.
  • Logging issues can prevent the username being displayed even when there is a correct ip-user mapping.
  • When the ip-user mapping timeout is short, the mapping may get timed out.
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClYuCAK&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language