Focus

PAN-OS ® New Features Guide

Millisecond Granularity for PAN-OS Log Forwarding

Table of Contents

Millisecond Granularity for PAN-OS Log Forwarding

Timestamps providing millisecond granularity for all PAN-OS^® logs.

There is a new field for all forwarded PAN-OS^® logs that contains a timestamp with millisecond granularity to display when a log was received at the management plane when exported in CSV format. With millisecond granularity for all logs, you can now more accurately correlate PAN-OS logs with logs from other sources that use similar granularity when you investigate network and security events and threats. Millisecond granularity for all PAN-OS logs forwarded to Panorama™, Dedicated Log Collectors, Cortex™ Data Lake, syslog, email, SNMP and HTTP from firewalls, Panorama, and the Cortex log forwarding app where supported.

The new field is displayed only in the exported CSV log and is not available in the Monitor or ACC tabs or in generated reports.

The format for this new field is YYYY-MM-DDThh:ss:sssTZD:

YYYY—Four digit year
MM—Two-digit month
DD—Two-digit day of the month (01 through 31)
T—Indicator for the beginning of the timestamp
hh—Two-digit hour using 24-hour time (00 through 23)
mm—Two-digit minute (00 through 59)
ss—Two-digit second (00 through 60)
sss—One or more digits for millisecond
TZD—Time zone designator (+hh:mm or -hh:mm)

Launch the Firewall Web Interface.
Select MonitorLogs and select the desired log.
Filter the log as needed and Export to CSV.
Navigate to the end of the exported CSV and locate the high_res_timestamp.
(Optional) Configure log forwarding.
- If you manage your firewalls with Panorama, see Configure Log Forwarding to Panorama.
- To forward logs to an external service, see Configure Log Forwarding.

Management Features

Visibility on Custom Threat Names