Prisma Access Agent
Audit Prisma Access Agent Logs
Learn how to audit Prisma Access Agent logs using the log viewer or Strata Logging Service.
You can audit any activity or action performed by a user on the Prisma Access Agent using the log viewer or Strata Logging Service. You can audit activity such as connecting to and disconnecting from Prisma Access, including any state changes, such as login, configuration, and tunnel, among others.
To learn how to use the log viewer, you can explore logs in detail.
- Open the log viewer or Strata Logging Service.
- From Strata Cloud Manager, select Incidents & Alerts > Log Viewer > Endpoint > Troubleshooting (Prisma Access Agent).
- From Strata Logging Service, select Explore > Endpoint > Troubleshooting (Prisma Access Agent).
If no data is displayed, increase the time range to show more entries.
- To narrow the scope of the logs in the table, you can create queries based on the column headings in the log viewer, and save the queries as filters for use later.
- Enter a log query in the search field. Click to display a list of Prisma Access Agent fields and select an item from the list, or start typing the name of a field and select from the list of matching items.
You can create a query for Prisma Access troubleshooting logs using the information in Endpoint Logs.
- Select an operator, such as =, !=, < >, or LIKE and a value for the field. You can build on the query by adding AND or OR operators. For example, to query Windows endpoints that successfully logged out of a Prisma Access location, you can create a query such as:
Endpoint OS Type = 'Windows' AND Event ID Value = 'gateway-logout' AND Event Status = 'success'
You can use the LIKE operator to filter on values that match a pattern you provide. For example, to show all event ID values that start with gateway, you can specify:
Event ID Value LIKE 'gateway%'
- Select a different time range if needed.
- Click the right arrow to begin the query.
- To save the query for future use, click the filter save icon. Then, enter a descriptive Name for the query and Save the filter for future use.
- (Optional) Export the log query results to a .csv file and download the file to your computer for further analysis with a spreadsheet app.
- To view the details in a log, click the
- To show all the details in the log, select Log Details.
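For offline review of an exported .csv file, the following Python sketch (an added example, not Palo Alto Networks code) re-applies queries written in the form shown above to the export. It assumes the export's column headings match the log viewer field names, that AND binds tighter than OR, and that % in a LIKE pattern matches any run of characters; the sample rows and the User column are constructed.

```python
import csv, io, re

# Constructed sample of a log viewer .csv export. Column names are assumed to
# match the field names used in the queries above; all rows are invented.
SAMPLE_CSV = """Endpoint OS Type,Event ID Value,Event Status,User
Windows,gateway-logout,success,alice
Windows,gateway-logout,failure,bob
macOS,gateway-logout,success,carol
Windows,example-other-event,success,dave
"""

# One comparison: <field> <operator> '<value>'
TERM = re.compile(r"\s*(.+?)\s*(!=|=|LIKE)\s*'([^']*)'\s*$")

def like_to_regex(pattern):
    # % matches any run of characters; everything else is matched literally.
    return re.compile("^" + ".*".join(re.escape(p) for p in pattern.split("%")) + "$")

def match_term(row, term):
    m = TERM.match(term)
    if not m:
        raise ValueError(f"unsupported term: {term!r}")
    field, op, value = m.groups()
    if field not in row:
        # A misspelled field would otherwise silently match nothing.
        raise KeyError(f"no such column: {field!r}")
    actual = row[field]
    if op == "=":
        return actual == value
    if op == "!=":
        return actual != value
    return bool(like_to_regex(value).match(actual))

def match_query(row, query):
    # Assumed precedence: AND binds tighter than OR; parentheses and quoted
    # values containing " AND " or " OR " are not handled.
    return any(all(match_term(row, t) for t in group.split(" AND "))
               for group in query.split(" OR "))

def filter_export(csv_text, query):
    # Return the rows of the export that satisfy the query, in file order.
    return [r for r in csv.DictReader(io.StringIO(csv_text)) if match_query(r, query)]
```

To run it against a real export, pass the file's text to `filter_export` in place of `SAMPLE_CSV`.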