Which Dataplane generated logs are seen on TCPDump when forwarded externally using an LPC?
Created On 04/30/19 02:01 AM - Last Modified 05/27/21 20:32 PM
Question
Which Dataplane generated logs are seen on TCPDump when forwarded externally using an LPC?
Environment
- PA-7000 Series Firewalls
- Log Processing Card (LPC) installed
Answer
The Management Plane (MP) logs (config, system, and alarms) are stored on the SSD located on the SMC and are forwarded via the management interface.
These logs can be seen when tcpdump is run.
The Dataplane (DP) generated logs (traffic, threat, etc.) are stored on the LPC drives and are forwarded via the Log Card Interface configured on one of the dataplane interfaces.
These logs cannot be captured with tcpdump. This traffic cannot be captured even with normal packet captures.
Additional Information
For details on the Log Card Interface, refer here