How to retrieve System logs via API call

How to retrieve System logs via API call

10599
Created On 04/27/23 17:02 PM - Last Modified 04/29/23 02:30 AM


Objective


To retrieve system logs via API call.

Environment


  • Palo Alto Firewall or Panorama
  • PANOS 8.1 and Later Versions
  • System Logs
  • API

Procedure


The function  is performed using https commands directly from a web browser.
  1. Obtain the authorization API key to be used in subsequent API commands. Command below.
https://10.46.34.37/api/?type=keygen&user=admin&password=123456789
Output: 
<response status="success">
<result>
<key>
LUF3042987010WVNaGp6344628UFwbGhkMm30429870101276344628TNaS1MyYQ==
</key>
</result>
</response>
 
  1. Issue the API command for the system logs for a specific Job ID.
Note: Use Firewall Management IP for <Firewall_IP>; and API Key from step 1.

Example: Using Lab firewall with JobID as 7.
https://10.46.34.37/api/?type=log&log-type=system&query=(description contains 'JobId=7')&key=LUF3042987010WVNaGp6344628UFwbGhkMm30429870101276344628TNaS1MyYQ== 

<response status="success" code="19">
<result>
<msg>
<line>query job enqueued with jobid 23</line> >>>> Note the job ID to be used for the query
</msg>
<job>23</job>
</result>
</response>
 
  1.  Issue the API command below substituting the jobid learned in step (2) above to retrieve and display the system log output from the job kicked off.  In this example the jobid = 23

Example:

https://10.46.34.37/api/?type=log&action=get&;job-id=23&key=LUF3042987010WVNaGp6344628UFwbGhkMm30429870101276344628TNaS1MyYQ== 

<response status="success">
<result>
<job>
<tenq>14:38:45</tenq>
<tdeq>14:38:45</tdeq>
<tlast>14:38:45</tlast>
<status>FIN</status>
<id>23</id>
</job>
<log>
<logs count="20" progress="100">
<entry logid="7221688578500198765">
<domain>1</domain>
<receive_time>2023/04/13 22:11:57</receive_time>
<serial>001801010900</serial>
<seqno>480378</seqno>
<actionflags>0x0</actionflags>
<is-logging-service>no</is-logging-service>
<type>SYSTEM</type>
<subtype>general</subtype>
<config_ver>0</config_ver>
<time_generated>2023/04/13 22:11:57</time_generated>
<dg_hier_level_1>0</dg_hier_level_1>
<dg_hier_level_2>0</dg_hier_level_2>
<dg_hier_level_3>0</dg_hier_level_3>
<dg_hier_level_4>0</dg_hier_level_4>
<device_name>Lab34-37-PA-3020</device_name>
<vsys_id>0</vsys_id>
<eventid>general</eventid>
<fmt>0</fmt>
<id>0</id>
<module>general</module>
<severity>informational</severity>
<opaque>Commit job succeeded. Completion time=2023/04/13 22:11:57. JobId=7. User:admin</opaque>
</entry>

 
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000g1YbCAI&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language