Logs

To see your Prisma Access logs, log in to Prisma Access Cloud Management and select Activity > Logs on the left side navigation pane. Regardless of the management interface you’re using for Prisma Access—Panorama or cloud management—you can view your logs in Prisma Access Cloud Management.
A log is an automatically generated, time-stamped file that provides an audit trail for system events or network traffic events that Prisma Access monitors. Log entries contain artifacts, which are properties, activities, or behaviors associated with the logged event, such as the application type or the IP address of an attacker. Each log type records information for a separate event type. For example, Prisma Access may generate a Threat log to record traffic that matches a spyware, vulnerability, or virus signature.
Prisma Access Cloud Management provides Network logs (Traffic, Threat, URL, File, HIP Match) and Common logs (System and Configuration).
You can view details for each log entry, and for threat logs, you can review threat details and see if there are any threat overrides in place.
  1. Go to Logs.
  2. Select the type of log you want to view.
    Prisma Access supports Network logs (Traffic, Threat, URL, File, HIP Match) and Common logs (System and Configuration).
  3. Filter for logs.
    • Start by selecting a time range for which you want to view logs. This starts off your log query.
    • Provide a query string to narrow down the list of logs.
      If you do not provide a query string, Explore will retrieve every log record of the type you specify that was created during the time range that you provide — up to 65,536 records.
    • Click into an individual cell to add the field and value to the query.
  4. View log entry details.
    Click the details icon to learn more about a log entry.
  5. Review threat details and overrides.
    See threat details and check whether any overrides are configured for a threat. A threat override applies when you enforce a threat with an action other than its default action.
