This article shows how to do a quick, handy search for a specific pattern in the system log on the CLI; the same query syntax is not limited to this log.
Example 1 – (case sensitive)
In the first example we search for the pattern "Installed" in the backward direction (newest entries first; the direction keyword is optional). Be aware that the pattern itself is case sensitive: in the second example we search for "installed" with a lowercase "i", and the outcome is different.
admin@WF-80-156> show log system direction equal backward query equal "(description contains Installed)"
Time Severity Subtype Object EventID ID Description
=============================================================================
2020/06/01 17:19:04 info general general 0 Installed wf software version 9.0.7
2020/05/30 02:06:50 info general general 0 Installed wfm package: panup-all-wfmeta-1496-1697.tgz
2019/11/29 10:58:16 info general general 0 Installed wfm package: panup-all-wfmeta-1343-1544.tgz
2019/11/22 13:06:36 info general general 0 Installed wf software version 8.1.10
2019/10/30 17:18:27 info general general 0 Installed wfm package: panup-all-wfmeta-1343-1544.tgz
2019/10/30 15:24:10 info general general 0 Installed wf software version 8.1.0
2019/06/24 15:49:42 info general general 0 Installed wfm package: panup-all-wfmeta-1250-1451.tgz
2019/04/09 15:49:56 info general general 0 Installed wfm package: panup-all-wfmeta-1196-1397.tgz
2019/04/05 17:00:58 info general general 0 Installed wfm package: panup-all-wfmeta-1194-1395
admin@WF-80-156> show log system direction equal backward query equal "(description contains installed)"
Time Severity Subtype Object EventID ID Description
=============================================================================
2019/10/30 17:18:40 info general general 0 WildFire metadata version 1343-1544 installed by admin
2019/05/14 13:32:22 info general general 0 GP MDM license is installed.
2019/05/14 13:31:09 info general general 0 GP MDM license is installed.
2019/04/05 17:01:13 info general general 0 WildFire metadata version 1194-1395 installed by admin
admin@WF-80-156>
Example 2 – logical operators
It is possible to combine several "contains" terms with logical operators. The examples below show the output when using the logical operator "and" and the logical operator "or" (written in lowercase inside the query, as in the commands).
admin@WF-80-156> show log system direction equal backward query equal "(description contains Installed) and (description contains 9.0.7)"
Time Severity Subtype Object EventID ID Description
=============================================================================
2020/06/01 17:19:04 info general general 0 Installed wf software version 9.0.7
admin@WF-80-156> show log system direction equal backward query equal "(description contains Installed) or (description contains configuration)"
Time Severity Subtype Object EventID ID Description
=============================================================================
2020/06/01 17:26:49 info cluster cluster 0 Cluster daemon configuration load phase-2 succeeded.
2020/06/01 17:26:49 info cluster cluster 0 Cluster engine will be started for: configuration change.
2020/06/01 17:26:49 info cluster cluster 0 Cluster daemon configuration load phase-1 succeeded.
2020/06/01 17:19:04 info general general 0 Installed wf software version 9.0.7
2020/05/30 02:06:50 info general general 0 Installed wfm package: panup-all-wfmeta-1496-1697.tgz
2020/05/07 19:54:56 info cluster cluster 0 Cluster daemon configuration load phase-2 succeeded.
… (output truncated for brevity)
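To make the behaviour of both examples (case-sensitive "contains" and the "and"/"or" combinations) reproducible offline, here is an added Python example that is not part of the original article and not Palo Alto Networks code. It implements a small evaluator for the `(field contains value) and/or (...)` query form over constructed log entries modelled on the output above; the parsing rules, the left-to-right operator evaluation and the sample entries are assumptions of this example, not a description of the device's own implementation.

```python
"""Added example: an offline emulator of the `show log system ... query equal "..."`
filter syntax, so case sensitivity and and/or combinations can be tested against
constructed entries. Not the device's code; parsing rules are assumptions."""
import re
from datetime import datetime

# Constructed sample entries modelled on the article's output (not real device logs).
SAMPLE_LOG = [
    ("2020/06/01 17:26:49", "info", "cluster", "Cluster daemon configuration load phase-2 succeeded."),
    ("2020/06/01 17:19:04", "info", "general", "Installed wf software version 9.0.7"),
    ("2020/05/30 02:06:50", "info", "general", "Installed wfm package: panup-all-wfmeta-1496-1697.tgz"),
    ("2019/10/30 17:18:40", "info", "general", "WildFire metadata version 1343-1544 installed by admin"),
    ("2019/05/14 13:32:22", "info", "general", "GP MDM license is installed."),
]

def to_records(rows):
    """Turn (time, severity, subtype, description) tuples into field dicts."""
    return [dict(time=t, severity=s, subtype=st, description=d) for t, s, st, d in rows]

# Tokenizer: parentheses, the keywords and/or/contains, quoted values, bare words.
TOKEN_RE = re.compile(r'\(|\)|\band\b|\bor\b|\bcontains\b|"[^"]*"|[^\s()"]+')

class QueryParser:
    """Recursive-descent parser (assumed grammar):
    expr := term (('and' | 'or') term)* ; term := '(' expr ')' | field 'contains' value
    Operators are applied left to right, which is enough for the flat (a) and (b) forms above."""
    def __init__(self, query):
        self.tokens = TOKEN_RE.findall(query)
        self.pos = 0

    def peek(self):
        return self.tokens[self.pos] if self.pos < len(self.tokens) else None

    def take(self):
        tok = self.peek()
        self.pos += 1
        return tok

    def parse(self):
        node = self.expr()
        if self.peek() is not None:
            raise ValueError(f"unexpected token {self.peek()!r}")
        return node

    def expr(self):
        node = self.term()
        while self.peek() in ("and", "or"):
            op = self.take()
            node = (op, node, self.term())
        return node

    def term(self):
        tok = self.take()
        if tok == "(":
            node = self.expr()
            if self.take() != ")":
                raise ValueError("missing closing parenthesis")
            return node
        if self.take() != "contains":
            raise ValueError("expected 'contains' after field name")
        value = self.take().strip('"')       # allow "quoted values with spaces"
        return ("contains", tok, value)

def evaluate(node, record):
    """Evaluate a parsed query tree against one log record."""
    kind = node[0]
    if kind == "contains":
        # Case-sensitive substring match, as the device output above shows:
        # "Installed" and "installed" select different entries.
        return node[2] in record.get(node[1], "")
    left, right = evaluate(node[1], record), evaluate(node[2], record)
    return (left and right) if kind == "and" else (left or right)

def search_log(records, query, direction="backward"):
    """Return matching records; 'backward' lists newest first, like the CLI output above."""
    tree = QueryParser(query).parse()
    hits = [r for r in records if evaluate(tree, r)]
    return sorted(hits, key=lambda r: datetime.strptime(r["time"], "%Y/%m/%d %H:%M:%S"),
                  reverse=(direction == "backward"))

if __name__ == "__main__":
    recs = to_records(SAMPLE_LOG)
    for q in ['(description contains Installed)',
              '(description contains installed)',
              '(description contains Installed) and (description contains 9.0.7)',
              '(description contains Installed) or (description contains configuration)']:
        print(q)
        for r in search_log(recs, q):
            print("  ", r["time"], r["description"])
```

Running the script prints the four queries from the article with the entries each one selects from the constructed sample; swapping `direction="forward"` reverses the order, and a value containing spaces can be given as a quoted string such as `(description contains "wf software")`.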
Ref: How to search system logs through CLI – specific case WF-500 – Knowledge Base – Palo Alto Networks