PAN-OS OpenConfig Logging

Information about PAN-OS OpenConfig logging support.

About PAN-OS OpenConfig Logging

Review the YANG model before using the openconfig-bgp model to familiarize yourself with supported paths.
When using the logging model with PAN-OS, you can use either predefined or custom filters for your logging queries. The YANG model defines several custom filters, such as:
  • Type
  • Direction
  • From_time
  • To_time
  • Period
  • Full_Query
  • Max_Logs
  • Query_str
In addition to the filters, you can use the data_push_url option to send the query to an external endpoint.
You can build query strings in the user interface and apply them to the OpenConfig logging queries; see Filter Logs.
Below are examples of formats you can use to filter custom logging queries:
"pan/logging/query/custom[type=system][direction=fwd][max_logs=2][period=last-24-hrs]"
"pan/logging/query/custom[type=system][direction=fwd][max_logs=2][query_str=\'severity eq critical\'][from_time=t1][to_time=t2]"
"pan/logging/query/custom[type=system][direction=fwd][max_logs=2][query_str=\'severity eq critical\'][from_time=\'2023/04/20@00:11:29\'][to_time=\'2023/04/20@01:12:29\']"
"pan/logging/query/custom[full_query=-t system -n 5][data_push_url="example.com"]
Predefined queries can be found in the YANG model, for example: "pan/logging/query/predefined/system_logs_vpn_and_dpd_15_min"

Predefined

The following query retrieves a log defined by Palo Alto Networks:
gnmic -u USER -p PASSWORD -a IP:9339 subscribe --mode once --encoding JSON_IETF --timeout 300s --path "pan/logging/query/predefined/system_log"
The following is the response to the query above:
{
  "source": "10.124.160.118:9339",
  "subscription-name": "default-1683620665",
  "timestamp": 1683620665000000000,
  "time": "2023-05-09T13:54:25+05:30",
  "updates": [
    {
      "Path": "/pan/logging/query/predefined/system_log",
      "values": {
        "/pan/logging/query/predefined/system_log": {
          "code": "Code(200)",
          "data_line_1": {
            "actionflags": "0x0",
            "config_ver": "2817",
            "device_name": "lranadive-india-10.1.5",
            "dg_hier_level_1": "0",
            "dg_hier_level_2": "0",
            "dg_hier_level_3": "0",
            "dg_hier_level_4": "0",
            "dg_id": "0",
            "domain": "1",
            "eventid": "general",
            "fmt": "0",
            "high_res_timestamp": "2023-05-09T01:21:34.388-07:00",
            "id": "0",
            "module": "general",
            "object": "API",
            "opaque": "Can not generate an API key for user 'admin' from 127.0.0.1 ; API key certificate is not configured",
            "receive_time": "2023/05/09 01:21:34",
            "seqno": "7230758565881840053",
            "serial": "007199000000843",
            "severity": "critical",
            "subtype": "general",
            "time_generated": "2023/05/09 01:21:34",
            "tpl_id": "0",
            "type": "SYSTEM",
            "vsys": "",
            "vsys_name": ""
          },
          "data_line_2": {
            "actionflags": "0x0",
            "config_ver": "2817",
            "device_name": "lranadive-india-10.1.5",
            "dg_hier_level_1": "0",
            "dg_hier_level_2": "0",
            "dg_hier_level_3": "0",
            "dg_hier_level_4": "0",
            "dg_id": "0",
            "domain": "1",
            "eventid": "general",
            "fmt": "0",
            "high_res_timestamp": "2023-05-09T01:06:08.588-07:00",
            "id": "0",
            "module": "general",
            "object": "",
            "opaque": "Failed to renew device certificate.Invalid serial number. Device is not registered.",
            "receive_time": "2023/05/09 01:06:08",
            "seqno": "7230758565881840048",
            "serial": "007199000000843",
            "severity": "critical",
            "subtype": "general",
            "time_generated": "2023/05/09 01:06:08",
            "tpl_id": "0",
            "type": "SYSTEM",
            "vsys": "",
            "vsys_name": ""
          },
          "total_lines": "2"
        }
      }
    }
  ]
}
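To feed a response like the one above into alerting, the numbered data_line_N records have to be pulled out in order and checked against total_lines. The following Python is an added example, not part of the Palo Alto Networks documentation; the function names are hypothetical, the sample is constructed from the response shape shown above, and treating any code other than "Code(200)" as a failure is an assumption.

```python
import json
import re

# Constructed sample, trimmed to the shape of the response shown above.
SAMPLE = json.dumps({
    "source": "192.0.2.10:9339",
    "updates": [{
        "Path": "/pan/logging/query/predefined/system_log",
        "values": {"/pan/logging/query/predefined/system_log": {
            "code": "Code(200)",
            "data_line_2": {"severity": "critical", "eventid": "general",
                            "time_generated": "2023/05/09 01:06:08",
                            "opaque": "Failed to renew device certificate."},
            "data_line_1": {"severity": "critical", "eventid": "general",
                            "time_generated": "2023/05/09 01:21:34",
                            "opaque": "Can not generate an API key for user 'admin'"},
            "total_lines": "2",
        }},
    }],
})

_LINE_KEY = re.compile(r"^data_line_(\d+)$")


def extract_log_lines(raw):
    """Return the log records of one gnmic response in data_line_N order."""
    records = []
    for update in json.loads(raw).get("updates", []):
        for path, body in update.get("values", {}).items():
            # Assumption: any code other than "Code(200)" means the query failed.
            if body.get("code") != "Code(200)":
                raise ValueError(f"{path}: query returned {body.get('code')}")
            numbered = []
            for key, value in body.items():
                m = _LINE_KEY.match(key)
                if m:
                    numbered.append((int(m.group(1)), value))
            # Sort numerically so data_line_10 does not land before data_line_2.
            numbered.sort(key=lambda pair: pair[0])
            # total_lines is a string; a mismatch is treated as an incomplete reply (assumption).
            if len(numbered) != int(body.get("total_lines", len(numbered))):
                raise ValueError(f"{path}: total_lines does not match records received")
            records.extend(line for _, line in numbered)
    return records


def critical_events(raw):
    """Keep only critical-severity records as (time_generated, opaque) pairs."""
    return [(r["time_generated"], r["opaque"]) for r in extract_log_lines(raw) if r.get("severity") == "critical"]
```
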