This article is showing how to do quick\/handy search for the specific pattern in the system logs, although it is not only limited to this log.<\/p>\n\n\n\n
Example 1 – (case sensitive)<\/strong> \u00a0admin@WF-80-156> show log system direction equal backward query equal “(description contains Installed)” admin@WF-80-156> show log system direction equal backward query equal “(description contains installed)” Example 2 – logical operation<\/strong> admin@WF-80-156> show log system direction equal backward query equal “(description contains Installed) and (description contains 9.0.7)” admin@WF-80-156> show log system direction equal backward query equal “(description contains Installed) or (description contains configuration)” ………..for the brevity….<\/p>\n\n\n\n <\/p>\n\n\n\n Ref: How to search system logs through CLI – specific case WF-500 – Knowledge Base – Palo Alto Networks<\/a><\/p>\n","protected":false},"excerpt":{"rendered":" This article is showing how to do quick\/handy search for the specific pattern in the system logs, although it is not only limited to this log. Example 1 – (case sensitive)In the first example we are searching for the pattern “Installed” in the backward direction which is optional but be aware that the pattern itself Read More<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_bbp_topic_count":0,"_bbp_reply_count":0,"_bbp_total_topic_count":0,"_bbp_total_reply_count":0,"_bbp_voice_count":0,"_bbp_anonymous_reply_count":0,"_bbp_topic_count_hidden":0,"_bbp_reply_count_hidden":0,"_bbp_forum_subforum_count":0,"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[13,9],"tags":[1751],"class_list":["post-5005","post","type-post","status-publish","format-standard","hentry","category-firewalls","category-networks","tag-search-system-logs-through-pan-os-cli"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=\/wp\/v2\/posts\/5005","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=5005"}],"version-history":[{"count":1,"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=\/wp\/v2\/posts\/5005\/revisions"}],"predecessor-version":[{"id":5006,"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=\/wp\/v2\/posts\/5005\/revisions\/5006"}],"wp:attachment":[{"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=5005"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=5005"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=5005"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
In the first example we are searching for the pattern “Installed<\/em><\/strong>” in the backward direction which is optional but be aware that the pattern itself is case sensitive . In the second we are searching for the pattern “installed<\/em><\/strong>” small letter “i<\/strong><\/em>“. Outcome is different.<\/p>\n\n\n\n
Time \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0Severity Subtype Object EventID ID Description
=============================================================================
2020\/06\/01 17:19:04 info \u00a0 \u00a0 general \u00a0 \u00a0 \u00a0 \u00a0general 0 \u00a0Installed wf software version 9.0.7
2020\/05\/30 02:06:50 info \u00a0 \u00a0 general \u00a0 \u00a0 \u00a0 \u00a0general 0 \u00a0Installed wfm package: panup-all-wfmeta-1496-1697.tgz
2019\/11\/29 10:58:16 info \u00a0 \u00a0 general \u00a0 \u00a0 \u00a0 \u00a0general 0 \u00a0Installed wfm package: panup-all-wfmeta-1343-1544.tgz
2019\/11\/22 13:06:36 info \u00a0 \u00a0 general \u00a0 \u00a0 \u00a0 \u00a0general 0 \u00a0Installed wf software version 8.1.10
2019\/10\/30 17:18:27 info \u00a0 \u00a0 general \u00a0 \u00a0 \u00a0 \u00a0general 0 \u00a0Installed wfm package: panup-all-wfmeta-1343-1544.tgz
2019\/10\/30 15:24:10 info \u00a0 \u00a0 general \u00a0 \u00a0 \u00a0 \u00a0general 0 \u00a0Installed wf software version 8.1.0
2019\/06\/24 15:49:42 info \u00a0 \u00a0 general \u00a0 \u00a0 \u00a0 \u00a0general 0 \u00a0Installed wfm package: panup-all-wfmeta-1250-1451.tgz
2019\/04\/09 15:49:56 info \u00a0 \u00a0 general \u00a0 \u00a0 \u00a0 \u00a0general 0 \u00a0Installed wfm package: panup-all-wfmeta-1196-1397.tgz
2019\/04\/05 17:00:58 info \u00a0 \u00a0 general \u00a0 \u00a0 \u00a0 \u00a0general 0 \u00a0Installed wfm package: panup-all-wfmeta-1194-1395<\/p>\n\n\n\n
Time \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0Severity Subtype Object EventID ID Description
=============================================================================
2019\/10\/30 17:18:40 info \u00a0 \u00a0 general \u00a0 \u00a0 \u00a0 \u00a0general 0 \u00a0WildFire metadata version 1343-1544 installed by admin
2019\/05\/14 13:32:22 info \u00a0 \u00a0 general \u00a0 \u00a0 \u00a0 \u00a0general 0 \u00a0GP MDM license is installed.
2019\/05\/14 13:31:09 info \u00a0 \u00a0 general \u00a0 \u00a0 \u00a0 \u00a0general 0 \u00a0GP MDM license is installed.
2019\/04\/05 17:01:13 info \u00a0 \u00a0 general \u00a0 \u00a0 \u00a0 \u00a0general 0 \u00a0WildFire metadata version 1194-1395 installed by admin
admin@WF-80-156>\u00a0<\/p>\n\n\n\n
It is possible to combine the search contains field with the logical operators. Below examples are showing the output when using logical operator “AND<\/strong>” and logical operator “OR<\/strong>“.<\/p>\n\n\n\n
Time \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0Severity Subtype Object EventID ID Description
=============================================================================
2020\/06\/01 17:19:04 info \u00a0 \u00a0 general \u00a0 \u00a0 \u00a0 \u00a0general 0 \u00a0Installed wf software version 9.0.7<\/p>\n\n\n\n
Time \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0Severity Subtype Object EventID ID Description
=============================================================================
2020\/06\/01 17:26:49 info \u00a0 \u00a0 cluster \u00a0 \u00a0 \u00a0 \u00a0cluster 0 \u00a0Cluster daemon configuration load phase-2 succeeded.
2020\/06\/01 17:26:49 info \u00a0 \u00a0 cluster \u00a0 \u00a0 \u00a0 \u00a0cluster 0 \u00a0Cluster engine will be started for: configuration change.
2020\/06\/01 17:26:49 info \u00a0 \u00a0 cluster \u00a0 \u00a0 \u00a0 \u00a0cluster 0 \u00a0Cluster daemon configuration load phase-1 succeeded.
2020\/06\/01 17:19:04 info \u00a0 \u00a0 general \u00a0 \u00a0 \u00a0 \u00a0general 0 \u00a0Installed wf software version 9.0.7
2020\/05\/30 02:06:50 info \u00a0 \u00a0 general \u00a0 \u00a0 \u00a0 \u00a0general 0 \u00a0Installed wfm package: panup-all-wfmeta-1496-1697.tgz
2020\/05\/07 19:54:56 info \u00a0 \u00a0 cluster \u00a0 \u00a0 \u00a0 \u00a0cluster 0 \u00a0Cluster daemon configuration load phase-2 succeeded.<\/p>\n\n\n\n