View Logs

1. Select a log type to view.

   1. Select MonitorLogs.
   2. Select a log type from the list.

      The firewall displays only the logs you have permission to see. For example, if your administrative account does not have permission to view WildFire Submissions logs, the firewall does not display that log type when you access the logs pages. Administrative Role Types define the permissions.
2. (Optional) Customize the log column display.

   1. Click the arrow to the right of any column header, and select Columns.
   2. Select columns to display from the list. The log updates automatically to match your selections.
3. View additional details about log entries.

   • Click the spyglass ( 

      ) for a specific log entry. The Detailed Log View has more information about the source and destination of the session, as well as a list of sessions related to the log entry.
   • (Threat log only) Click

     next to an entry to access local packet captures of the threat. To enable local packet captures, see Take Packet Captures.
   • (Traffic, Threat, URL Filtering, WildFire Submissions, Data Filtering, and Unified logs only) View AutoFocus threat data for a log entry.
     1. Enable AutoFocus.
        Enable AutoFocus in Panorama to view AutoFocus threat data for all Panorama log entries, including those from firewalls that are not connected to AutoFocus and/or are running PAN-OS 7.0 and earlier release versions (PanoramaSetupManagementAutoFocus).
     2. Hover over an IP address, URL, user agent, threat name (subtype: virus and wildfire-virus only), filename, or SHA-256 hash.
     3. Click the drop-down ( 

         ) and select AutoFocus.
     4. Content Delivery Network Infrastructure.