Each log has a filter area that lets you set criteria for which log entries to display. Filtering is useful for focusing on firewall events that have particular properties or attributes. You filter logs by the artifacts associated with individual log entries.
For example, filtering by the rule UUID makes it easier to pinpoint the specific rule you want to locate, even among many similarly-named rules. If your ruleset is very large and contains many rules, using the rule’s UUID as a filter spotlights the particular rule you need to find without having to navigate through pages of results.
- (Unified logs only) Select the log types to include in the Unified log display.
  - Click Effective Queries.
  - Select one or more log types from the list (traffic, threat, url, data, and wildfire).
  - Click OK. The Unified log updates to show only entries from the log types you have selected.
- Add a filter to the filter field. If the value of the artifact matches the operator (such as has or in), enclose the value in quotation marks to avoid a syntax error. For example, if you filter by destination country and use IN as a value to specify INDIA, enter the filter as ( dstloc eq "IN" ).
  - Click one or more artifacts (such as the application type associated with traffic and the IP address of an attacker) in a log entry. For example, click the Source 10.0.0.25 and Application web-browsing of a log entry to display only entries that contain both artifacts in the log (AND search).
  - To specify artifacts to add to the filter field, click Add Filter.
  - To add a previously saved filter, click Load Filter.
- Apply the filter to the log. Click Apply Filter. The log will refresh to display only log entries that match the current filter.
- (Optional) Save frequently used filters.
  - Click Save Filter.
  - Enter a Name for the filter.
  - Click OK. You can view your saved filters by clicking Load Filter.
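
When filters are assembled by a script rather than typed into the filter field, the quoting rule above is easy to miss. The following is an added example, not code from the product or its documentation: a small Python helper that builds the page's two filters. The reserved-word list beyond `has` and `in`, the field names `addr.src` and `app`, and the helper names are assumptions.

```python
# Added example: build log filter strings, quoting values that collide with
# filter operators (the "IN" for India case described above).
# Assumption: the page names only "has" and "in"; the other words are assumed.
COMPARISON_OPS = {"has", "in", "eq", "neq", "notin", "contains", "leq", "geq"}
RESERVED = COMPARISON_OPS | {"and", "or", "not"}

# Characters that could change the structure of the filter if passed through.
FORBIDDEN = set("\"'()")


def quote_value(value: str) -> str:
    """Return the value, quoted if it would be read as an operator."""
    if not value or any(c in FORBIDDEN or c.isspace() for c in value):
        # Refuse rather than guess at escaping rules this sketch does not know.
        raise ValueError(f"unsupported filter value: {value!r}")
    # Case-insensitive: the country code IN collides with the operator "in".
    if value.lower() in RESERVED:
        return f'"{value}"'
    return value


def clause(field: str, op: str, value: str) -> str:
    """Build one parenthesised clause such as ( dstloc eq "IN" )."""
    if op.lower() not in COMPARISON_OPS:
        raise ValueError(f"unknown operator: {op!r}")
    return f"( {field} {op} {quote_value(value)} )"


def and_filter(*clauses: str) -> str:
    """Join clauses so only entries matching all of them are shown."""
    if not clauses:
        raise ValueError("at least one clause is required")
    return " and ".join(clauses)


if __name__ == "__main__":
    # Destination country India: value must be quoted.
    print(clause("dstloc", "eq", "IN"))
    # Source and application from the page's AND-search example.
    print(and_filter(clause("addr.src", "in", "10.0.0.25"),
                     clause("app", "eq", "web-browsing")))
```
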