Audit Prisma Access Agent Configuration Activities
Where Can I Use This?
  • Prisma Access (Managed by Strata Cloud Manager)
  • Prisma Access (Managed by Panorama)
  • Strata Logging Service
What Do I Need?
  • Minimum Required Prisma Access Version: 5.1 Preferred or Innovation
  • Prisma Access license with the Mobile User subscription
  • Prisma Access Agent version: 25.1.0.14
  • macOS 14 and later or Windows 10 version 2024 and later desktop devices
  • Contact your Palo Alto Networks account representative to activate the Prisma Access Agent feature
You can audit any Prisma Access Agent configuration change in the log viewer or Strata Logging Service.
For example, you can audit the configuration logs to see the configuration activities that were performed in Prisma Access and who initiated the actions. You can also view event details to identify the Prisma Access configuration before and immediately after a configuration change.
All data is collected and sent to Strata Logging Service, and is viewable in Strata Logging Service or the Prisma Access log viewer.
To learn how to use the log viewer, you can explore logs in detail.
  1. Open the log viewer or Strata Logging Service.
    • In the log viewer, the events are logged under Log Viewer > Common > Configuration.
    • In Strata Logging Service, select Explore > Common > Configuration.
  2. If no data is displayed, increase the time range to show more entries.
  3. To narrow the scope of the logs in the table, you can create queries based on the column headings in the log viewer, and save the queries as filters for use later.
    1. Enter a log query in the search field. Click to display a list of fields and select an item from the list or start entering the name of a field and select from the list of matching items.
      You can create queries based on the configuration schema.
    2. Select an operator, such as =, !=, < >, or LIKE and a value for the field. You can build on the query by adding AND or OR operators. For example, to show logs that have configuration changes, you can create a query such as:
      Event Name = edit AND Event Result = Succeeded
      You can use the LIKE operator to filter on values that match a pattern you provide. For example, to show all event ID values that start with gateway, you can specify:
      Event ID Value LIKE 'gateway%'
    3. Select a different time range if needed.
    4. Click the right arrow to begin the query.
    5. To save the query for future use, click the filter save icon. Then, enter a descriptive Name for the query and Save the filter.
    6. (Optional) Export the log query results to a .csv file and download the file to your computer for further analysis with a spreadsheet app.
    7. To view the details in a log, click the icon next to a log in the table to open the LOG DETAILS window.
      To show all the details in the log, select Log Details.
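
Added example (not part of the Palo Alto Networks documentation): after exporting query results to a .csv file, the two queries shown above can be re-applied offline to review who made successful changes to gateway objects. The column headings are assumed to match the query field names; the Time and Admin columns, the sample rows, and case-sensitive LIKE matching with % as the only wildcard are assumptions.

```python
import csv
import io
import re
from collections import Counter

# Constructed sample export. Assumption: column headings match the query field
# names; the "Time" and "Admin" columns and all row values are hypothetical.
SAMPLE_CSV = """Time,Admin,Event Name,Event Result,Event ID Value
2025-01-10T09:00:00Z,alice@example.com,edit,Succeeded,gateway-us-east
2025-01-10T09:05:00Z,bob@example.com,edit,Failed,gateway-us-west
2025-01-10T09:07:00Z,alice@example.com,create,Succeeded,agent-profile-1
2025-01-10T09:30:00Z,carol@example.com,edit,Succeeded,gateway-eu-1
2025-01-10T10:00:00Z,alice@example.com,edit,Succeeded,forwarding-rule-2
"""


def load_rows(text):
    """Parse exported CSV text into a list of dicts keyed by column heading."""
    return list(csv.DictReader(io.StringIO(text)))


def like(value, pattern):
    """Match value against a LIKE pattern where % stands for any run of characters.

    Assumption: matching is case-sensitive and % is the only wildcard.
    """
    regex = ".*".join(re.escape(part) for part in pattern.split("%"))
    return re.fullmatch(regex, value, flags=re.DOTALL) is not None


def successful_edits(rows):
    """Event Name = edit AND Event Result = Succeeded"""
    return [r for r in rows
            if r["Event Name"] == "edit" and r["Event Result"] == "Succeeded"]


def id_like(rows, pattern):
    """Event ID Value LIKE pattern"""
    return [r for r in rows if like(r["Event ID Value"], pattern)]


def changes_per_admin(rows):
    """Count successful edits per initiating admin, for review of who changed what."""
    return Counter(r["Admin"] for r in successful_edits(rows))


if __name__ == "__main__":
    rows = load_rows(SAMPLE_CSV)
    for admin, count in changes_per_admin(id_like(rows, "gateway%")).most_common():
        print(f"{admin}: {count} successful gateway edit(s)")
```

To use it on a real export, pass the file's contents to load_rows() and adjust the column names to the headings in your .csv file.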