View Advanced IP Defense Logs in PAN-OS and Panorama

View and filter Advanced IP Defense threat logs on the firewall or Panorama to investigate IP-based threats and track policy rule matches.
The firewall generates threat logs locally whenever traffic matches an Advanced IP Defense policy rule. On PAN-OS 12.2 and later, these logs include full attribute-level detail. On PAN-OS 11.1.x through 12.1.x, threat activity from Advanced IP Defense EDLs is recorded in traffic logs with the EDL name in the source or destination EDL column.
  1. Access the threat log viewer.
    For PAN-OS 12.2 and later, select Monitor > Logs > Threat to view threat logs that include Advanced IP Defense entries.
    For PAN-OS 11.1.x through 12.1.x, select Monitor > Logs > Traffic to view traffic logs that include EDL-based Advanced IP Defense hits.
  2. Filter for Advanced IP Defense log entries.
    On PAN-OS 12.2 and later, filter by the Advanced IP Defense threat category to isolate entries generated by Advanced IP Defense policy rules. You can further narrow results by:
    • IP attribute category or subcategory
    • Policy action (Block, Allow, or Alert)
    • Source or destination IP address
    • Source or destination zone
    On PAN-OS 11.1.x through 12.1.x, filter by the destination EDL or source EDL column to find entries that matched the predefined Advanced IP Defense External Dynamic Lists.
  3. Review the log details for a specific entry.
    Click a log entry to view the full session details. On PAN-OS 12.2 and later, the log detail includes the matched IP attributes, the Advanced IP Defense profile and rule name, the policy action, and the log severity level. On PAN-OS 11.1.x through 12.1.x, the log detail shows the EDL name and the matched IP address.
  4. (Optional) Configure log forwarding to Strata Logging Service.
    To access Advanced IP Defense logs in Strata Cloud Manager and enable dashboard visibility, configure log forwarding to send threat logs to Strata Logging Service. Select Objects > Log Forwarding and create or edit a log forwarding profile to include threat logs.