You can view the different log types on the firewall in a tabular format. The firewall locally stores all log files and automatically generates Configuration and System logs by default. To learn more about the security rules that trigger the creation of entries for the other types of logs, see Log Types and Severity Levels.
To configure the firewall to forward logs as syslog messages, email notifications, or Simple Network Management Protocol (SNMP) traps, Use External Services for Monitoring.
- Select a log type to view.
- Select MonitorLogs.
- Select a log type from the list.The firewall displays only the logs you have permission to see. For example, if your administrative account does not have permission to view WildFire Submissions logs, the firewall does not display that log type when you access the logs pages. Administrative Role Types define the permissions.
- (Optional) Customize the log column
- Click the arrow to the right of any column header, and select Columns.
- Select columns to display from the list. The log updates automatically to match your selections.
- View additional details about log entries.
- Click the spyglass ( ) for a specific log entry. The Detailed Log View has more information about the source and destination of the session, as well as a list of sessions related to the log entry.
- (Threat log only) Click next to an entry to access local packet captures of the threat. To enable local packet captures, see Take Packet Captures.
- (Traffic, Threat, URL Filtering, WildFire Submissions, Data Filtering, and Unified logs only) View AutoFocus threat data for a log entry.
- Enable AutoFocus in Panorama to view AutoFocus threat data for all Panorama log entries, including those from firewalls that are not connected to AutoFocus and/or are running PAN-OS 7.0 and earlier release versions (PanoramaSetupManagementAutoFocus).
- Hover over an IP address, URL, user agent, threat name (subtype: virus and wildfire-virus only), filename, or SHA-256 hash.
- Click the drop-down ( ) and select AutoFocus.
Log Types The firewall displays all logs so that role-based administration permissions are respected. Only the information that you have permission to see is included, ...
View and Act on AutoFocus Intelligence Summary Data
View and Act on AutoFocus Intelligence Summary Data Interact with the AutoFocus Intelligence Summary to display more information about an artifact or extend your artifact ...
Unified Logs Unified logs are entries from the Traffic, Threat, URL Filtering, WildFire Submissions, and Data Filtering logs displayed in a single view. Unified log ...
AutoFocus Intelligence Summary
AutoFocus Intelligence Summary You can view a graphical overview of threat intelligence that AutoFocus compiles to help you assess the pervasiveness and risk of the ...
Enable AutoFocus Threat Intelligence
Enable AutoFocus Threat Intelligence With a valid AutoFocus subscription, you can compare the activity on your network with the latest threat data available on the ...
Assess Firewall Artifacts with AutoFocus
Assess Firewall Artifacts with AutoFocus Use the AutoFocus Intelligence Summary for an artifact to assess its pervasiveness in your network and the threats associated with ...
Types of Packet Captures
Types of Packet Captures There are four different types of packet captures you can enable, depending on what you need to do: Custom Packet Capture ...
Activate Licenses and Subscriptions
Activate Licenses and Subscriptions Before you can start using your firewall to secure the traffic on your network, you must activate the licenses for each ...
What Data Center Traffic to Log and Monitor
The types of data center traffic you should log and monitor, the tools you can use to analyze the traffic, and how to best utilize ...