Support Center

Palo Alto Networks Logging Tips

Last Updated: Feb 04, 2016 07:22PM PST
In order to log all web traffic in Palo Alto, go to Objects | URL Filtering | <your profile>, and set all categories to either Block or Alert (or any action other than none). This will ensure that all web activity is logged.

Configure Palo Alto to send syslog messages to a syslog server such as Kiwi Syslog, then import the resulting text logs into a WebSpy Vantage Storage.

You can then analyze and report on either the Traffic or Threat schema. The Threat schema contains information about websites visited (URLs), and the Traffic schema will contain information about bandwidth and connections.

We also recommend to enable HTTP Header Logging. To do this, please How to Enable HTTP Header Logging and Track URLs Accessed by Users

Unfortunately, Palo Alto does not log size information along side URLs, so determining how much bandwidth is associated with a particular website is not possible.

You can however analyze browsing and session times between users and websites using WebSpy Vantage.

For more information, please see our more detailed article and video on Web Activity Reporting with Palo Alto Firewall Log Files
 

Contact Us

support@fastvue.co
http://assets3.desk.com/
false
desk
Loading
seconds ago
a minute ago
minutes ago
an hour ago
hours ago
a day ago
days ago
about
false
Invalid characters found
/customer/en/portal/articles/autocomplete