Where to find list of command history on the firewall or Panorama?
Created On 03/07/19 02:56 AM - Last Modified 04/19/24 19:46 PM
Question
A historical view of the operational commands executed before an unexpected issue can assist in determining a root cause.
Environment
- PAN-OS 8.0, 9.0, and up to 9.1.2
- Palo Alto Firewalls and Panorama
Answer
PAN-OS 8.0 introduced an enhancement that captures command history. It records operational and debug commands.
Note: Configuration mode commands are not captured.
When the maximum file size is exceeded, the log file is rotated to a .old file and a new file is created soon thereafter. Writing to the new log file begins after checks are completed.
The maximum file size is set at 10 MB.
In the example below, the command history shows the user john.doe turning on a packet-diag debug on the firewall, which can result in an outage.
PA-7050> less mp-log opcmdhistory.log
2019-02-13 10:32:10:user:john.doe,client:CLI,cmd:debug dataplane packet-diag set log feature flow basic
2019-02-13 10:32:19:user:john.doe,client:CLI,cmd:debug dataplane packet-diag set filter on
2019-02-13 10:32:25:user:john.doe,client:CLI,cmd:debug dataplane packet-diag set capture on
2019-02-13 10:32:32:user:john.doe,client:CLI,cmd:debug dataplane packet-diag set log on
Additional Information
Starting with PAN-OS 9.1.3, the command history can be found in the req_stats.log file.
admin@Lab33-68-PA-5250> less mp-log req_stats.log
........
........<refresh cookie="0822980783234759"/>
........<request cmd="op" cookie="5752764855933"><operations><show><system><info/></system></show></operations></request> => show system info command.
........<refresh cookie="5752764855956893"/>
........<auth-request username="admin" pid="22230" passwd="" ip7.150.77"/>
.........
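
For reviewing exported copies of these logs offline, the sketch below parses opcmdhistory.log lines into records, flags packet-diag debug commands, and flattens a req_stats.log op request back into its CLI words. It is an added example, not Palo Alto Networks code; the function names, the RISKY_PREFIXES list and the third sample line are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET
from datetime import datetime

# opcmdhistory.log layout: <timestamp>:user:<name>,client:<client>,cmd:<command>
OPCMD_RE = re.compile(r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}):user:(?P<user>[^,]*),"
                      r"client:(?P<client>[^,]*),cmd:(?P<cmd>.*)$")
REQ_RE = re.compile(r"<request\b.*?</request>")
# Assumption: prefixes a reviewer wants highlighted; extend to suit your change policy.
RISKY_PREFIXES = ("debug dataplane packet-diag",)

def parse_opcmd(line):
    """Return a dict for one opcmdhistory.log line, or None if it does not match."""
    m = OPCMD_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%d %H:%M:%S")
    rec["risky"] = rec["cmd"].startswith(RISKY_PREFIXES)
    return rec

def request_to_command(line):
    """Flatten a req_stats.log <request cmd="op"> element into CLI words.
    Simplification: follows only the first child at each level."""
    m = REQ_RE.search(line)
    if not m:
        return None
    root = ET.fromstring(m.group(0))
    if root.get("cmd") != "op":
        return None
    words, node = [], root.find("operations")
    while node is not None and len(node):
        node = node[0]
        words.append(node.tag)
        if node.text and node.text.strip():
            words.append(node.text.strip())
    return " ".join(words)

# First two lines are from the opcmdhistory.log excerpt above; the third is constructed.
SAMPLE_OPCMD = [
    "2019-02-13 10:32:10:user:john.doe,client:CLI,cmd:debug dataplane packet-diag set log feature flow basic",
    "2019-02-13 10:32:32:user:john.doe,client:CLI,cmd:debug dataplane packet-diag set log on",
    "2019-02-13 10:40:01:user:jane.roe,client:CLI,cmd:show system info",
]
# Taken from the req_stats.log excerpt above.
SAMPLE_REQ = ('........<request cmd="op" cookie="5752764855933"><operations><show>'
              "<system><info/></system></show></operations></request>")

if __name__ == "__main__":
    for rec in filter(None, map(parse_opcmd, SAMPLE_OPCMD)):
        print("RISKY" if rec["risky"] else "ok   ", rec["ts"], rec["user"], rec["cmd"])
    print(request_to_command(SAMPLE_REQ))
```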