View Logs
Focus
Focus

View Logs

Table of Contents
End-of-Life (EoL)

View Logs

You can view the different log types on the firewall in a tabular format. The firewall locally stores all log files and automatically generates Configuration and System logs by default. To learn more about the security rules that trigger the creation of entries for the other types of logs, see Log Types and Severity Levels.
To configure the firewall to forward logs as syslog messages, email notifications, or Simple Network Management Protocol (SNMP) traps, Use External Services for Monitoring.
  1. Select a log type to view.
    1. Select MonitorLogs.
    2. Select a log type from the list.
      The firewall displays only the logs you have permission to see. For example, if your administrative account does not have permission to view WildFire Submissions logs, the firewall does not display that log type when you access the logs pages. Administrative Role Types define the permissions.
  2. (Optional) Customize the log column display.
    1. Click the arrow to the right of any column header, and select Columns.
    2. Select columns to display from the list. The log updates automatically to match your selections.
  3. View additional details about log entries.
    • Click the spyglass ( 
       ) for a specific log entry. The Detailed Log View has more information about the source and destination of the session, as well as a list of sessions related to the log entry.
    • (Threat log only) Click
      next to an entry to access local packet captures of the threat. To enable local packet captures, see Take Packet Captures.
    • (Traffic, Threat, URL Filtering, WildFire Submissions, Data Filtering, and Unified logs only) View AutoFocus threat data for a log entry.
      1. Enable AutoFocus.
        Enable AutoFocus in Panorama to view AutoFocus threat data for all Panorama log entries, including those from firewalls that are not connected to AutoFocus and/or are running PAN-OS 7.0 and earlier release versions (PanoramaSetupManagementAutoFocus).
      2. Hover over an IP address, URL, user agent, threat name (subtype: virus and wildfire-virus only), filename, or SHA-256 hash.
      3. Click the drop-down ( 
         ) and select AutoFocus.
Next Steps...