Example: Use the API to Retrieve Traffic Logs
Table of Contents
PAN.OS 11.1 & Later
Expand all | Collapse all
-
- Upgrade a Firewall to the Latest PAN-OS Version (API)
- Show and Manage GlobalProtect Users (API)
- Query a Firewall from Panorama (API)
- Upgrade PAN-OS on Multiple HA Firewalls through Panorama (API)
- Automatically Check for and Install Content Updates (API)
- Enforce Policy using External Dynamic Lists and AutoFocus Artifacts (API)
- Configure SAML 2.0 Authentication (API)
- Quarantine Compromised Devices (API)
- Manage Certificates (API)
-
- Asynchronous and Synchronous Requests to the PAN-OS XML API
- Run Operational Mode Commands (API)
- Apply User-ID Mapping and Populate Dynamic Groups (API)
- Get Version Info (API)
-
- PAN-OS REST API
- Access the PAN-OS REST API
- Resource Methods and Query Parameters (REST API)
- PAN-OS REST API Request and Response Structure
- PAN-OS REST API Error Codes
- Work With Objects (REST API)
- Create a Security Policy Rule (REST API)
- Work with Policy Rules on Panorama (REST API)
- Create a Tag (REST API)
- Configure a Security Zone (REST API)
- Configure an SD-WAN Interface (REST API)
- Create an SD-WAN Policy Pre Rule (REST API)
- Configure an Ethernet Interface (REST API)
- Update a Virtual Router (REST API)
- Work With Decryption (APIs)
Example: Use the API to Retrieve Traffic Logs
Follow these steps to use the API retrieve
traffic logs.
- Create a job to retrieve all traffic logs that
occurred after a certain time:curl -X POST 'https://firewall/api?type=log&log-type=traffic&query=(receive_time geq '2012/06/22 08:00:00')"A web-browser will automatically URL encode the parameters, but when using cURL, the query parameter must be URL encoded.Response:<response status="success" code="19"> <result> <msg> <line>query job enqueued with jobid 18</line> </msg> <job>18</job> </result> </response>
- Retrieve traffic log data using the following request using the job ID as the value returned in the previous response:
curl -X POST 'https://firewall/api?type=log&action=get&job-id=<id>"- Confirm that the XML response looks similar to the following:
<response status="success""> <result> <job>...</job> <log> <logs count="20" progress="100n> <entry logid="5753304543500710425"> <domain>1</domain> <receive_time>2012/06/13 15:43:17</receive_time> <serial>001606000117</serial> <segno>6784588</segno> <actionflags>0x0</actionflags> <type>TRAFFIC</type> <subtype>start</subtype> <config_ver>1</config_ver> <time_generated>2012/06/13 15:43:17</time_generated> <src>172.16.1.2</src> <dst>10.2.0.246</dst> <natsrc>10.26.0.96</natsrc> <natdst>10.2.0.246</natdst> <rule>default allow</rule>When the job status is FIN (finished), the response automatically includes all the logs in the XML data response. The <log> node in XML is not present when the job status is still pending. After successful log data retrieval, the system automatically deletes the job.- ( Optional) Delete and active log retrieval job.To delete an active log retrieval job, run the following query:
curl -X POST 'https://firewall/api?type=log&action=finish&job-id=<id>"A successful completion returns a job ID. - Retrieve traffic log data using the following request using the job ID as the value returned in the previous response: