Session Log Best Practices

Session Log Best Practices

Created On 09/26/18 13:50 PM - Last Modified 10/31/23 21:36 PM


Information on Session Log Setting.


  • Palo Alto Firewalls
  • Supported PAN-OS
  • Session Log


  1. Session logging is a useful troubleshooting tool for debugging policy problems.
  2. When creating or editing a security rule, an option to log the transaction is available with two options, Log at Session Start or Log at Session End.


  1. For regular logging, the best practice is to log at session end.
  2. The reason for that is that applications are likely to change throughout the lifespan of the session.
  3. A separate session start log is created for each individual application detected during the lifespan of a session. For example, "facebook" it will show "SSL", then "facebook-base" and other facebook related applications depending on the user's activity on the website, and if SSL decryption is configured.
  4. Logging at "session start" is normally done for troubleshooting purpose as this puts extra load on the management plane's CPU.

Additional Information

Monitor logs displaying facebook in the start and end of sessions (including ssl, facebook-base) Monitor logs for facebook application

  • Print
  • Copy Link

Choose Language