{"id":5005,"date":"2024-01-30T14:24:31","date_gmt":"2024-01-30T22:24:31","guid":{"rendered":"https:\/\/SUMMALAI.COM\/?p=5005"},"modified":"2024-01-30T14:24:32","modified_gmt":"2024-01-30T22:24:32","slug":"how-to-search-system-logs-through-pan-os-cli","status":"publish","type":"post","link":"https:\/\/SUMMALAI.COM\/?p=5005","title":{"rendered":"How to Search System Logs Through PAN-OS CLI"},"content":{"rendered":"\n

This article is showing how to do quick\/handy search for the specific pattern in the system logs, although it is not only limited to this log.<\/p>\n\n\n\n

Example 1  – (case sensitive)<\/strong>
In the first example we are searching for the pattern “Installed<\/em><\/strong>” in the backward direction which is optional but be aware that the pattern itself is case sensitive . In the second we are searching for the pattern “installed<\/em><\/strong>” small letter “i<\/strong><\/em>“. Outcome is different.<\/p>\n\n\n\n

\u00a0admin@WF-80-156> show log system direction equal backward query equal “(description contains Installed)”
Time \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0Severity Subtype Object EventID ID Description
=============================================================================
2020\/06\/01 17:19:04 info \u00a0 \u00a0 general \u00a0 \u00a0 \u00a0 \u00a0general 0 \u00a0Installed wf software version 9.0.7
2020\/05\/30 02:06:50 info \u00a0 \u00a0 general \u00a0 \u00a0 \u00a0 \u00a0general 0 \u00a0Installed wfm package: panup-all-wfmeta-1496-1697.tgz
2019\/11\/29 10:58:16 info \u00a0 \u00a0 general \u00a0 \u00a0 \u00a0 \u00a0general 0 \u00a0Installed wfm package: panup-all-wfmeta-1343-1544.tgz
2019\/11\/22 13:06:36 info \u00a0 \u00a0 general \u00a0 \u00a0 \u00a0 \u00a0general 0 \u00a0Installed wf software version 8.1.10
2019\/10\/30 17:18:27 info \u00a0 \u00a0 general \u00a0 \u00a0 \u00a0 \u00a0general 0 \u00a0Installed wfm package: panup-all-wfmeta-1343-1544.tgz
2019\/10\/30 15:24:10 info \u00a0 \u00a0 general \u00a0 \u00a0 \u00a0 \u00a0general 0 \u00a0Installed wf software version 8.1.0
2019\/06\/24 15:49:42 info \u00a0 \u00a0 general \u00a0 \u00a0 \u00a0 \u00a0general 0 \u00a0Installed wfm package: panup-all-wfmeta-1250-1451.tgz
2019\/04\/09 15:49:56 info \u00a0 \u00a0 general \u00a0 \u00a0 \u00a0 \u00a0general 0 \u00a0Installed wfm package: panup-all-wfmeta-1196-1397.tgz
2019\/04\/05 17:00:58 info \u00a0 \u00a0 general \u00a0 \u00a0 \u00a0 \u00a0general 0 \u00a0Installed wfm package: panup-all-wfmeta-1194-1395<\/p>\n\n\n\n

admin@WF-80-156> show log system direction equal backward query equal “(description contains installed)”
Time \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0Severity Subtype Object EventID ID Description
=============================================================================
2019\/10\/30 17:18:40 info \u00a0 \u00a0 general \u00a0 \u00a0 \u00a0 \u00a0general 0 \u00a0WildFire metadata version 1343-1544 installed by admin
2019\/05\/14 13:32:22 info \u00a0 \u00a0 general \u00a0 \u00a0 \u00a0 \u00a0general 0 \u00a0GP MDM license is installed.
2019\/05\/14 13:31:09 info \u00a0 \u00a0 general \u00a0 \u00a0 \u00a0 \u00a0general 0 \u00a0GP MDM license is installed.
2019\/04\/05 17:01:13 info \u00a0 \u00a0 general \u00a0 \u00a0 \u00a0 \u00a0general 0 \u00a0WildFire metadata version 1194-1395 installed by admin
admin@WF-80-156>\u00a0<\/p>\n\n\n\n

Example 2 – logical operation<\/strong>
It is possible to combine the search contains field with the logical operators. Below examples are showing the output when using logical operator “AND<\/strong>” and logical operator “OR<\/strong>“.<\/p>\n\n\n\n

admin@WF-80-156> show log system direction equal backward query equal “(description contains Installed) and (description contains 9.0.7)”
Time \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0Severity Subtype Object EventID ID Description
=============================================================================
2020\/06\/01 17:19:04 info \u00a0 \u00a0 general \u00a0 \u00a0 \u00a0 \u00a0general 0 \u00a0Installed wf software version 9.0.7<\/p>\n\n\n\n

admin@WF-80-156> show log system direction equal backward query equal “(description contains Installed) or (description contains configuration)”
Time \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0Severity Subtype Object EventID ID Description
=============================================================================
2020\/06\/01 17:26:49 info \u00a0 \u00a0 cluster \u00a0 \u00a0 \u00a0 \u00a0cluster 0 \u00a0Cluster daemon configuration load phase-2 succeeded.
2020\/06\/01 17:26:49 info \u00a0 \u00a0 cluster \u00a0 \u00a0 \u00a0 \u00a0cluster 0 \u00a0Cluster engine will be started for: configuration change.
2020\/06\/01 17:26:49 info \u00a0 \u00a0 cluster \u00a0 \u00a0 \u00a0 \u00a0cluster 0 \u00a0Cluster daemon configuration load phase-1 succeeded.
2020\/06\/01 17:19:04 info \u00a0 \u00a0 general \u00a0 \u00a0 \u00a0 \u00a0general 0 \u00a0Installed wf software version 9.0.7
2020\/05\/30 02:06:50 info \u00a0 \u00a0 general \u00a0 \u00a0 \u00a0 \u00a0general 0 \u00a0Installed wfm package: panup-all-wfmeta-1496-1697.tgz
2020\/05\/07 19:54:56 info \u00a0 \u00a0 cluster \u00a0 \u00a0 \u00a0 \u00a0cluster 0 \u00a0Cluster daemon configuration load phase-2 succeeded.<\/p>\n\n\n\n

………..for the brevity….<\/p>\n\n\n\n

<\/p>\n\n\n\n

Ref: How to search system logs through CLI – specific case WF-500 – Knowledge Base – Palo Alto Networks<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

This article is showing how to do quick\/handy search for the specific pattern in the system logs, although it is not only limited to this log. Example 1  – (case sensitive)In the first example we are searching for the pattern “Installed” in the backward direction which is optional but be aware that the pattern itself Read More<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_bbp_topic_count":0,"_bbp_reply_count":0,"_bbp_total_topic_count":0,"_bbp_total_reply_count":0,"_bbp_voice_count":0,"_bbp_anonymous_reply_count":0,"_bbp_topic_count_hidden":0,"_bbp_reply_count_hidden":0,"_bbp_forum_subforum_count":0,"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[13,9],"tags":[1751],"class_list":["post-5005","post","type-post","status-publish","format-standard","hentry","category-firewalls","category-networks","tag-search-system-logs-through-pan-os-cli"],"aioseo_notices":[],"aioseo_head":"\n\t\t\n\t\n\t\n\t\n\t\n\t\n\t\n\t\t