Under the Monitor Traffic Logs, is there a way to filter by mul... - Knowledge Base - Palo Alto Networks

Under the Monitor Traffic Logs, is there a way to filter by multiple address objects or address group?

Created On 02/16/19 03:14 AM - Last Modified 07/19/22 23:12 PM

Logs

Policy

Reporting and Logging

9.0

PAN-OS

Panorama

Question

The following IP addresses 172.20.118.11; 172.20.118.12; 172.20.118.13 make up an Address Group called Trusted_Clients.
To search the Traffic logs for the associated traffic would require searching individual IP addresses or creating a query with all the addresses. This can present an issue if the Address Group is quite large.

Query Logs

Environment

PAN-OS 9.0

Answer

Starting in 9.0, the option to query the Monitor logs by Address Group name is supported
Query Address Group Logs

Note: A shortcut to add a query for an Address Group object can be done by using the drop down where the Address Group resides
On the GUI, navigate to Objects > Address Groups

Click on the drop down and select "Query Traffic Log"

Additional Information

Limitation:

The address expansion of objects ONLY APPLIES to static address objects
DOES NOT apply for Dynamic Address Objects, Dynamic Address Groups (Groups with Dynamic Address Objects), and FQDN address objects

Other users also viewed:

How to download GlobalProtect from the Customer Support Portal

Download and Install the GlobalProtect App for Windows

Resource List: GlobalProtect Configuring and Troubleshooting

PAN-OS Software Updates

Where to find the current preferred software versions? (PAN-OS, GlobalProtect, User-ID Agent, Plugins)