>
    Prisma Access Agent Logs and Management Logs
    Focus
    Download PDF
    Focus
    1. Home
    2. Prisma Access Agent
    3. Prisma Access Agent Administration
    4. Troubleshoot Prisma Access Agents
    5. Prisma Access Agent Logs and Management Logs
    Download PDF
    Prisma Access Agent

    Prisma Access Agent Logs and Management Logs

    Table of Contents

    Prisma Access Agent Logs and Management Logs

    Lean how to audit Prisma Access Agent logs and management logs using the log viewer on Strata Cloud Manager.
    Where Can I Use This?What Do I Need?
    • Prisma Access (Managed by Strata Cloud Manager)
    • Prisma Access (Managed by Panorama)
    • NGFW (Managed by Panorama)
    • Check the prerequisites for the deployment you're using
    • Contact your Palo Alto Networks account representative to activate the Prisma Access Agent feature
    You can use the auditing and logging features of the Prisma Access Agent to help improve your problem investigation and troubleshooting experience. Having the correct context and data about the errors that occurred can help you reduce the time for remediation.
    Prisma Access Agent logs and management logs are generated and sent to Strata Logging Service. The logs are viewable in the log viewer or Strata Logging Service, where you can use the capabilities of the log viewer to filter and search for various data to help you audit and analyze information in the logs.
    You can use the auditing capabilities to perform troubleshooting tasks such as:
    • Debugging and completing root cause analysis on user authentication failures. For example, you would like to understand at what stage the user authentication is failing, including:
      • Did the Prisma Access Agent receive an authentication response from the Cloud Identity Engine?
        To troubleshoot this, you can audit the management log to look for the Event ID Value of Epm Cie Token Validation and validate whether the event succeeded or failed.
      • Did Prisma Access Agent send a reply to the Prisma Access Agent app?
        To troubleshoot this, you can audit the management log to look for the Event ID Value of Epm Auth Response and validate whether the event succeeded or failed.
    • Troubleshooting user tunnel connections and performance concerns. As a part of the investigation, you might need to understand the following aspects:
      • Was the tunnel established using the IPSec protocol?
        To troubleshoot this, you can audit the Prisma Access Agent log to look for the Tunnel Type of IPSEC and validate whether the event succeeded or failed.
      • Did the tunnel connection fall back from IPSec to SSL?
        To troubleshoot this, you can audit the Prisma Access Agent log to look for the Event ID Value of gateway-switch-to-ssl and validate whether the event succeeded or failed.
    • Receiving notifications when a Prisma Access agent is tampered with through file downloads, process, or registry changes.
      To troubleshoot this, you can audit the Prisma Access Agent log to look for logs with the Description (opaque) that is similar to File Anti-Tampering, Process Anti-Tampering, or Registry Anti-Tampering and validate whether the event succeeded or failed.

    © 2025 Palo Alto Networks, Inc. All rights reserved.