Palo Alto Log Activity

Owned by Steve Challans
Last updated: Sept 20, 2019
3 min read

The Palo Alto Log Activity dashboard shows an overview of all activity logged by the firewall. This includes all network filtering, policy changes, source and destination IP filtering taking place. Some key aspects of the dashboard.

  • All Log activity - this shows the log activity based on the date and time filter from the top right of the page. 
  • Palo Log Activity - this shows a line graph of the activity over the defined time period.
  • Palo Source IP - this shows the activity the firewall is seeing based on the source address of the IP connection. 
  • Palo Destination IP - this shows the activity the firewall is seeing based on the destination address of the IP connection.
  • Risky Source Protocols - this shows an overview of all protocols and ports in use and highlights the protocols that could be of most risk to the network. Malware and intruders often try to hide on unusual ports or piggy back on well know ports to try and mask their activity. 
  • Risky Destination Protocols. - this shows an overview of all protocols and ports in use and highlights the protocols that could be of most risk to the network. Malware and intruders often try to hide on unusual ports or piggy back on well know ports to try and mask their activity. 
  • Palo Category Alerts - this lists the type of alert categories the Palo device is reporting in, these can be general traffic and also threat based alerts.
  • Palo Alto FIrewall Logs - this item shows the overall log activity for the time period being viewed. 
  • Palo Destination Users - this shows the users that are authenticated to the Palo over VPN or based on internal rules
  • Palo Source Users - this shows the users that are authenticated with traffic based on the source of where they logged in from. 
  • Palo Actions shows the system codes based on allowed and denied activities. 


v2 Dashboards