Which Dataplane generated logs are seen on TCPDump when forwarded externally using an LPC?

Created On 04/30/19 02:01 AM - Last Modified 05/27/21 20:32 PM


Question


Which Dataplane generated logs are seen on TCPDump when forwarded externally using an LPC?
 


Environment


  • PA-7000 Series Firewalls
  • Log Processing Card (LPC) installed


Answer


Management Plane (MP) logs (config, system, and alarm logs) are stored on the SSD located on the SMC and forwarded via the management interface.
These logs can be seen when tcpdump is run.

Dataplane (DP) generated logs (traffic, threat, etc.) are stored on the LPC drives and forwarded via the Log Card Interface configured on one of the dataplane interfaces.
These logs cannot be captured with tcpdump. The traffic cannot be captured even with normal packet captures.
 


Additional Information


For details on Log Card Interface refer here
