Working With Data

PaloAlto Training print.indd 120 3/8/10 2:41 PM

 Agenda

Logs
- Traffic Logs
- Threat Logs
g
- URL Logs
- Data Filtering Logs
- Config and System Logs
Reports
- Custom Reports
- Scheduled Email Reports
Panorama Reports

Page 2 | 2009 Palo Alto Networks. Proprietary and Confidential 3.0-a

PaloAlto Training print.indd 121 3/8/10 2:41 PM

 Traffic Logs Threat Logs

Anything logged from a Policy is viewed in the Traffic Logs Anything logged from a AV, Sypware or Vulnerability
Profiles are viewed in the Threat Logs
By default, logs are generated at the end of a session

2009 Palo Alto Networks. Proprietary and Confidential 3.0-a 2009 Palo Alto Networks. Proprietary and Confidential 3.0-a

PaloAlto Training print.indd 122 3/8/10 2:41 PM

 URL Filtering Log Data Filtering Log

Any actions triggered by a URL filtering Profile are Any events triggered by File Blocking or Data Filtering
recorded in the URL Filtering Log Profiles are recorded in the Data Filtering Log

Page 5 | 2009 Palo Alto Networks. Proprietary and Confidential 3.0-a Page 6 | 2009 Palo Alto Networks. Proprietary and Confidential 3.0-a

PaloAlto Training print.indd 123 3/8/10 2:41 PM

 Log Details Filters

Details provide more information Can be dynamically built from log data
about the traffic in the log Can be built using the filter editor
Useful data in this view includes:
Can be saved for later use
- Did the traffic undergo NAT?
- Was the traffic SSL decrypted?
- Ingress and egress interfaces
- Was this a captive portal session?
All Logs have details

2009 Palo Alto Networks. Proprietary and Confidential 3.0-a 2009 Palo Alto Networks. Proprietary and Confidential 3.0-a

PaloAlto Training print.indd 124 3/8/10 2:42 PM

 Configuration and System Logs Built In Reports
4 predefined categories of reports
Configuration logs track who changed what on the
- Applications
device
- Threats
- URL Filtering
- Traffic
Each shows a 24 Hour period
Report can be exported
System Logs track events that occurred on the
- PDF
system
- .csv

2009 Palo Alto Networks. Proprietary and Confidential 3.0-a 2009 Palo Alto Networks. Proprietary and Confidential 3.0-a

PaloAlto Training print.indd 125 3/8/10 2:42 PM

 User Defined Reports Working With Custom Reports

5 Databases to pull from Gives most commonly blocked URLs for a user
- Application Summary By changing the user name filter at run time the report is
- Traffic log and summary more flexible
- Threat log and summary
Can pick columns to include and set their order
Can build filter conditions of the data displayed

2009 Palo Alto Networks. Proprietary and Confidential 3.0-a Page 12 | 2009 Palo Alto Networks. Proprietary and Confidential 3.0-a

PaloAlto Training print.indd 126 3/8/10 2:42 PM

 Summary Reports Report Groups

PDF Summary reports aggregate multiple reports into one

document.

Select any reports from the

built in or custom lists
Arrange them on the page as
needed

2009 Palo Alto Networks. Proprietary and Confidential 3.0-a Page 14 | 2009 Palo Alto Networks. Proprietary and Confidential 3.0-a

PaloAlto Training print.indd 127 3/8/10 2:43 PM

 Scheduling and Emailing Reports Panorama Reporting

Specific report groups can be automatically generated and Same range of reporting as individual devices
emailed as needed
Reports show an aggregate of data

Panorama

Device A Device B

2009 Palo Alto Networks. Proprietary and Confidential 3.0-a Page 16 | 2009 Palo Alto Networks. Proprietary and Confidential 3.0-a

PaloAlto Training print.indd 128 3/8/10 2:43 PM

 Thank You

PaloAlto Training print.indd 129 3/8/10 2:43 PM