How to Collect Console and Defender Logs in Prisma Cloud Compute?

How to Collect Console and Defender Logs in Prisma Cloud Compute?

4609
Created On 11/26/21 07:23 AM - Last Modified 06/25/24 20:29 PM


Objective


How to Collect Console and Defender Logs in Prisma Cloud Compute?

Environment


  • Prisma Cloud Compute
  • Defender Logs
  • Debug Logs
  • Console Logs

Procedure


Debug Logs for Compute edition (Self-hosted):

  1. Login to your Compute Console.

  2. Go to Manage > Logs > Console
  3. Either automatically upload the logs to us with the "Upload Debug Logs To Prisma Cloud Support" button.   OR
    • Download the logs with the "Download Debug Logs" button and manually upload them to the case. 
3 C L 0 u 0 Step - Console debug logs DEBUG DEBUG Step -2
 

Console Logs for Compute edition (Self-hosted):

  1. Login to your Compute Console.
  2. Go to Manage > Logs > Console > Download this logs
  3. Download this logs" button and manually upload them to the case.
image.png

Defender Logs for Compute edition (Self-hosted)

  1. Login to your Compute Console.
  2. Go to Manage > Defenders > Manage >
  3. Defenders and find the appropriate Defender in the list.
  4. Then open the Actions menu in the rightmost column.
  5. Click the "Logs" button.
  6. You can automatically upload the log to us with the "Upload Log To Prisma Cloud Support" button            OR
  7. Download the log with the "Download This Log" button and manually upload it to the case.
 
Manage d 豆 & Defenders
 
CLOUD PALO ALTO NETWORKS Radars Defend Monitor Manage View logs Projects Alerts Collections and Tags Authentication s Manage / Defenders Manage Names Deploy Defenders DaemonSets Manage deployed Defenders Defenders enforce the policies created in Console. Install Defender on each host you want Prisma Cloud to defend. Advanced settings Filter Defenders by keywords and attributes X Step -4 sh 1 total entry Listener ty... None Upgrade all Actions Host pcc2104 Version 21.04.4... Cluster Type Container Defender - Linux Decommission Restart Logs Edit
 
Defender logs Log 150 Jogs this DEBUG DEBUG DEBUG DEBUG O Eau C DEBUG o Eau G DEBUG DEBUG O EBUC 1877 1637909955.tM.v 424 424 —age type 1657909 424 step -6 Step -5 Received upload Logs message Lines: SO) m_goA24 stats 2021-11-26 stats 2021-11-26 wam uTC cpu.•oo vmRss.•74.ao MB• wof,le update to Prim 2021 2021 26, 2021 26, 2021253:55_. 2021 26, 2021 2021 %ohle u*iate 1 4 23 4 s Pg10f13 Next

Console Logs for Enterprise Edition (Compute SaaS):

  1. Login to your Compute Console.
  2. Go to Manage > View Logs > Console
  3. Download the logs with the "Download Debug Logs" button and manually upload them to the case. 
CLOUD Investigate ponci— Alerts Loss History Console debug logs Debug data to Filter logs b,' and Log DEBUG DEBUG DEB UG DEB UG DEBUG DEBUG DEB UG DEB Step -I Step -2 Col @ bogs GET 'views 21.08.525 Itonetworks.com„, GET 21 S 25 cmalvia@paloaltonetworks.Com „ . GET 'views co. „ GET 21.08.525 . GET 'views ion 2108.525 admi. GET it z.. GET 'audit Mgmt. •2108.52 S a „ GET Down I oad this Jog Nov 26, 2021 26. 2021 3:02:... Nov 26.2021 3:02:... Nov 26, 2021 302:._. 2021 3:02:,.. New 26.2021 302... 2021 3:02:... Nov 26, 2021
 

Defender Logs for Enterprise Edition (Compute SaaS):

  1. Login to your Compute Console.
  2. Go to Manage > Defenders > Manage > Defenders and find the appropriate Defender in the list.
  3. Then open the Actions menu in the rightmost column.
  4. Click the "Logs" button.
  5. Download the log with the "Download This Log" button and manually upload it to the case.
 
CLOUD Netwk Step -1 Manage deployed Defenders Def„-, T Filter Step -2 Step -3 E• csv @ C.ted 8
 
ø CLOUD BY PALO ALTO NETWORKS Dashboard Inventory Investigate Policies Compliance Alerts Compute Collectiorw Tags Network Security Settin Manage / Defenders Manage Deploy Defenders DaemonSets Step -4 Manage deployed Defenders Defenders enforce the policies created in Console. Install Defender on each host you want Prisma Cloud to defend. Filter Defenders by keywords and attributes nced settings @ Refresh t Upgrade all Actions Type Container Defender - Linux 1 total entry Listener None E. Host sagiv-instance-... Version Cluster 21.08.... Decommission Restart Logs Edit
 
Defender logs Step -5 O This table shows the 150 most recent log messages only. To See all log messages download the 10 Y Filter logs by keywords and attributes 150 total entries DEB... DEB... DEB... DEB... DEB... DEB... DEB... DEB... DEB... DEB... defender.go:1902 Received upload logs message &(DestLogs:defender ws.go:468 Received message with type uploadLogs defender.go:1902 Received upload logs message ws.go:468 Received message with type uploadLogs @ Refresh logs _1637910582.tar.gz Lines:150) 1637910354.tar.gz Lines:150) defender.go:1590 stats: 2021-11-26 +0000 UTC 96" MB" co... defender.go:1590 Stats: 2021-11-26 +0000 UTC 96" MB" co... defender.go:1590 Stats: 2021-11-26 +0000 UTC CPU-"0.0 96" MB" Co... defender.go:1590 Stats: 2021-11-26 +0000 UTC CPU-"O.0 96" VmRSS-"72.14 MB" co.„ defender.go:1590 stats: 2021-11-26 +0000 UTC CPU-"I.0 96" MB" co.„ scheduler.go:90 Periodic tasks [task:refreshUsers cnt:1367 duration:O.25ms errs:O] (task:hostForensic... con 4 OC 1 Download this log Modified Nov 26, 2021 3:... Nov 26, 2021 3:... Nov 26, 2021 3:... Nov 26, 2021 3:... Nov 26, 2021 Nov 26, 2021 Nov 26, 2021 Nov 26, 2021 2:... Nov 26, 2021 2:... Nov 26, 2021
 
 

Additional Information


Console and Defender Logs help identify the root cause of a problem, and provide a timely resolution. Here is the procedure to attach logs to case
  1. Navigate to :- https://support.paloaltonetworks.com/
  2. Click Open case.
  3. Attach your Console or  defender or debug logs archives.
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000oMoICAU&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail