1. Home
    2. PAN-OS
    3. PAN-OS® and Panorama™API Usage Guide
    4. PAN-OS XML API Request Types
    5. Retrieve Logs (API)
    6. Example: Use the API to Retrieve Traffic Logs

    Example: Use the API to Retrieve Traffic Logs

    Follow these steps to use the API retrieve traffic logs.
    1. Create a job to retrieve all traffic logs that occurred after a certain time:
      curl -X GET "https://<firewall>/api/?key=apikey&type=log&log-type=traffic&query=(receive_time geq '2012/06/22 08:00:00')"
      A web-browser will automatically URL encode the parameters, but when using cURL, the query parameter must be URL encoded.
      Response:
      
						
      <response status="success" code="19">
  <result>
    <msg>
      <line>query job enqueued with jobid 18</line>
    </msg>
    <job>18</job>
  </result>
</response>
    2. Retrieve traffic log data using the following request using the job ID as the value returned in the previous response:
      curl -X GET "https://<firewall>/api/?key=apikey&type=log&action=get&job-id=<id>"
    3. Confirm that the XML response looks similar to the following:
      
						
      <response status="success"">
							<result>
							<job>...</job>
							<log>
							<logs count="20" progress="100n>
							<entry logid="5753304543500710425"> <domain>1</domain> <receive_time>2012/06/13 15:43:17</receive_time> <serial>001606000117</serial> <segno>6784588</segno>
							<actionflags>0x0</actionflags> <type>TRAFFIC</type> <subtype>start</subtype> <config_ver>1</config_ver> <time_generated>2012/06/13 15:43:17</time_generated>
							<src>172.16.1.2</src> <dst>10.1.0.246</dst> <natsrc>10.16.0.96</natsrc> <natdst>10.1.0.246</natdst> <rule>default allow</rule>
      When the job status is FIN (finished), the response automatically includes all the logs in the XML data response. The
      <log>
       node in XML is not present when the job status is still pending. After successful log data retrieval, the system automatically deletes the job.
    4. (
      Optional
      ) Delete and active log retrieval job.To delete an active log retrieval job, run the following query: 
      curl -X GET "https://<firewall>/api/?key=apikey&type=log&action=finish&job-id=<id>"
      A successful completion returns a job ID.

    Recommended For You

    Recommended Videos

    Recommended videos not found.

    © 2023 Palo Alto Networks, Inc. All rights reserved.

    Techdocs Logo