How to Query Logs from the CLI for a Rule Containing a Space in the Name

Created On 09/25/18 17:51 PM - Last Modified 06/05/23 20:40 PM


Resolution


Details

From the CLI, the show log command queries the various log databases present on the device. For each log type, options can be specified to return only specific entries from the database. One option, rule, filters the traffic log entries displayed by the rule that the session matched:

> show log traffic rule equal

  <value>  equal value

For rule names without a space, the syntax matches the context-sensitive help provided by the command:

> show log traffic rule equal Src_NAT

When the rule name contains a space, the rule name must be enclosed in single quotes, and the single-quoted name must then be enclosed in double quotes:

> show log traffic rule equal "'Public Rule'"

Note: For rule names containing a space character, both the single quotes and the enclosing double quotes are required for the system to parse the name correctly. When the CLI command is formatted in this way, the query correctly returns the log entries that match the rule.
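When these queries are generated by a script rather than typed, the quoting has to be applied per rule name. The following is an added example, not part of the original article or any vendor tooling: the function names and the character allow-list are assumptions, chosen so that a rule name can never close the quoted value early or add a second line to the session.

```python
import re

# Assumption: a conservative allow-list chosen for this helper so that the
# value cannot disturb the quoting; it is not a statement of the device's
# own naming rules.
_SAFE_RULE_NAME = re.compile(r"[A-Za-z0-9 ._-]+")


def traffic_log_rule_query(rule_name: str) -> str:
    """Return the 'show log traffic rule equal ...' command for rule_name."""
    if not rule_name or rule_name != rule_name.strip():
        raise ValueError("rule name is empty or has leading/trailing whitespace")
    if not _SAFE_RULE_NAME.fullmatch(rule_name):
        # Quotes or newlines would end the quoted value early or split the
        # command when it is sent to a scripted CLI session.
        raise ValueError(f"unsupported character in rule name: {rule_name!r}")
    if " " in rule_name:
        # Single quotes inside double quotes, as the article requires.
        value = "\"'" + rule_name + "'\""
    else:
        # No space: the bare value matches the CLI's context-sensitive help.
        value = rule_name
    return f"show log traffic rule equal {value}"


def build_queries(rule_names):
    """Build one command per rule name; return (commands, rejected_names)."""
    commands, rejected = [], []
    for name in rule_names:
        try:
            commands.append(traffic_log_rule_query(name))
        except ValueError:
            rejected.append(name)
    return commands, rejected


if __name__ == "__main__":
    # Constructed input: the first two names are the article's examples,
    # the last two are made up to show rejection.
    sample = ["Src_NAT", "Public Rule", "Public' Rule", "Rule\nTwo"]
    commands, rejected = build_queries(sample)
    for command in commands:
        print(command)
    print("rejected:", rejected)
```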

owner: kfindlen


