Prisma Access Agent Logs and Management Logs

Learn how to audit Prisma Access Agent logs and management logs using the log viewer on Strata Cloud Manager.
Where Can I Use This? | What Do I Need?
  • Prisma Access (Managed by Strata Cloud Manager)
  • Prisma Access (Managed by Panorama)
  • Strata Logging Service
  • Minimum Required Prisma Access Version: 5.1 Preferred or Innovation
  • Prisma Access license with the Mobile User subscription
  • Prisma Access Agent version: 25.1.0.14
  • macOS 14 and later or Windows 10 version 2024 and later desktop devices
  • Contact your Palo Alto Networks account representative to activate the Prisma Access Agent feature
You can use the auditing and logging features of the Prisma Access Agent to investigate and troubleshoot problems more effectively. Having the correct context and data about the errors that occurred can help you reduce the time for remediation.
Prisma Access Agent logs and management logs are generated and sent to Strata Logging Service. The logs are viewable in the log viewer or Strata Logging Service, where you can use the capabilities of the log viewer to filter and search for various data to help you audit and analyze information in the logs.
You can use the auditing capabilities to perform troubleshooting tasks such as:
  • Debugging and completing root cause analysis on user authentication failures. For example, you would like to understand at what stage the user authentication is failing, including:
    • Did the Prisma Access Agent receive an authentication response from the Cloud Identity Engine?
      To troubleshoot this, you can audit the management log to look for the Event ID Value of Epm Cie Token Validation and validate whether the event succeeded or failed.
    • Did Prisma Access Agent send a reply to the Prisma Access Agent app?
      To troubleshoot this, you can audit the management log to look for the Event ID Value of Epm Auth Response and validate whether the event succeeded or failed.
  • Troubleshooting user tunnel connections and performance concerns. As a part of the investigation, you might need to understand the following aspects:
    • Was the tunnel established using the IPSec protocol?
      To troubleshoot this, you can audit the Prisma Access Agent log to look for the Tunnel Type of IPSEC and validate whether the event succeeded or failed.
    • Did the tunnel connection fall back from IPSec to SSL?
      To troubleshoot this, you can audit the Prisma Access Agent log to look for the Event ID Value of gateway-switch-to-ssl and validate whether the event succeeded or failed.
  • Receiving notifications when a Prisma Access Agent is tampered with through file downloads, process changes, or registry changes.
    To troubleshoot this, you can audit the Prisma Access Agent log to look for logs whose Description (opaque) is similar to File Anti-Tampering, Process Anti-Tampering, or Registry Anti-Tampering and validate whether the event succeeded or failed.
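The checks listed above can also be run offline against exported log records. The following is an added example, not Palo Alto Networks code: the CSV column names (log_type, user, event_id_value, tunnel_type, description, status), the status values, and the sample rows are assumptions constructed for illustration, while the matched event and description values are the ones named above.

```python
import csv
import io

# Constructed sample export. Column names and the "status" values are assumptions
# modelled on the field labels used above, not a documented export schema.
SAMPLE_CSV = """log_type,user,event_id_value,tunnel_type,description,status
management,alice,Epm Cie Token Validation,,,success
management,alice,Epm Auth Response,,,failure
management,bob,Epm Cie Token Validation,,,failure
agent,carol,,IPSEC,,success
agent,carol,gateway-switch-to-ssl,SSL,,success
agent,dave,,,"Registry Anti-Tampering: blocked change",success
"""

TAMPER_MARKERS = ("file anti-tampering", "process anti-tampering",
                  "registry anti-tampering")

def classify(row):
    """Map one log record to the troubleshooting question it answers, or None."""
    event = row["event_id_value"]
    failed = row["status"].lower() != "success"
    if row["log_type"] == "management":
        # Authentication stages: only failures are worth surfacing.
        if event == "Epm Cie Token Validation" and failed:
            return "auth failed at Cloud Identity Engine token validation"
        if event == "Epm Auth Response" and failed:
            return "auth failed at reply to the agent app"
    elif row["log_type"] == "agent":
        if event == "gateway-switch-to-ssl":
            return "tunnel fell back from IPSec to SSL"
        # The description is free text, so match on a substring, ignoring case.
        if any(m in row["description"].lower() for m in TAMPER_MARKERS):
            return "anti-tampering event"
        if row["tunnel_type"] == "IPSEC":
            return "IPSec tunnel failed" if failed else "IPSec tunnel established"
    return None

def triage(csv_text):
    """Group findings per user, preserving log order."""
    findings = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        label = classify(row)
        if label:
            findings.setdefault(row["user"], []).append(label)
    return findings

if __name__ == "__main__":
    for user, labels in triage(SAMPLE_CSV).items():
        print(user, "->", "; ".join(labels))
```

Because findings keep log order per user, an "IPSec tunnel established" entry followed by a fallback entry shows that the tunnel came up on IPSec before switching to SSL.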