Palo Alto Firewall Log Activity

The Palo Alto Log Activity dashboard shows an overview of all activity logged by the firewall. This includes all network filtering, policy changes, and source and destination IP filtering taking place. Some parts of the dashboard only show data for the last 4 hours, as firewalls can generate a massive number of events. If longer search times are desired, it's best to use the event search feature to search for logs over a longer time period. Some key aspects of the dashboard:

  • All Log Activity - this shows the log activity for today.

  • Log Activity by Source Port - this shows a graph of the activity of ports in use on the network.

  • All Log Activity Source IP - this shows the activity the firewall is seeing based on the source address of the IP connection. 

  • All Log Activity by Policy - this shows the activity the firewall is seeing based on policy type, e.g. allow, deny, login, auth fail, etc.

  • All Log Activity by Dest Port - this shows the destination port activity. High port usage may indicate that data is being exfiltrated out of the network, spoofing an allowed protocol.

  • All Log Activity by Dest IP - this shows the target destination IP that the network traffic is responding to. Linked with the destination port details, this may help narrow down what protocol is being used to send the traffic.

  • Various status blocks to show the allowed, denied and general log rates.
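
The correlation described for the Dest Port and Dest IP panels can be reproduced outside the dashboard. The following is an added example, not part of the product: it groups allowed sessions by destination IP and port and lists high-port destinations by bytes sent. The field names, the 1024 port cut-off and the byte threshold are assumptions, and the log records are constructed.

```python
from collections import defaultdict

# Constructed sample records. Field names are assumptions for this example,
# not the firewall's export format.
SAMPLE_LOGS = [
    {"src_ip": "10.0.0.5", "dest_ip": "203.0.113.10", "dest_port": 443, "action": "allow", "bytes_sent": 12_000},
    {"src_ip": "10.0.0.5", "dest_ip": "198.51.100.7", "dest_port": 8443, "action": "allow", "bytes_sent": 900_000},
    {"src_ip": "10.0.0.5", "dest_ip": "198.51.100.7", "dest_port": 8443, "action": "allow", "bytes_sent": 800_000},
    {"src_ip": "10.0.0.9", "dest_ip": "198.51.100.7", "dest_port": 8443, "action": "allow", "bytes_sent": 50_000},
    {"src_ip": "10.0.0.9", "dest_ip": "203.0.113.10", "dest_port": 443, "action": "allow", "bytes_sent": 4_000},
    {"src_ip": "10.0.0.7", "dest_ip": "198.51.100.99", "dest_port": 50000, "action": "deny", "bytes_sent": 5_000_000},
    {"src_ip": "10.0.0.7", "dest_ip": "192.0.2.44", "dest_port": 6667, "action": "allow", "bytes_sent": 2_000},
]

HIGH_PORT_MIN = 1024  # assumption: anything above the well-known range is "high"


def summarise_destinations(logs):
    """Group allowed sessions by (dest_ip, dest_port)."""
    summary = defaultdict(lambda: {"sessions": 0, "bytes_sent": 0, "sources": set()})
    for rec in logs:
        if rec["action"] != "allow":  # only allowed sessions can carry data out
            continue
        entry = summary[(rec["dest_ip"], rec["dest_port"])]
        entry["sessions"] += 1
        entry["bytes_sent"] += rec["bytes_sent"]
        entry["sources"].add(rec["src_ip"])
    return dict(summary)


def high_port_candidates(logs, min_bytes=1_000_000):
    """Return (dest_ip, dest_port, bytes_sent, sessions) rows for review, largest first."""
    rows = [
        (ip, port, e["bytes_sent"], e["sessions"])
        for (ip, port), e in summarise_destinations(logs).items()
        if port >= HIGH_PORT_MIN and e["bytes_sent"] >= min_bytes
    ]
    return sorted(rows, key=lambda r: r[2], reverse=True)


if __name__ == "__main__":
    for ip, port, sent, sessions in high_port_candidates(SAMPLE_LOGS):
        print(f"{ip}:{port} bytes_sent={sent} sessions={sessions}")
```

A row in the output is a starting point for an event search on that destination, not a verdict; many legitimate services use high ports.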
