PaloAlto Training Print 120-129

January 8, 2017 | Author: mayi_rm | Category: N/A
Working With Data

PaloAlto Training print.indd 120

3/8/10 2:41 PM

Agenda

• Logs
- Traffic Logs
- Threat Logs
- URL Logs
- Data Filtering Logs
- Config and System Logs
• Reports
- Custom Reports
- Scheduled Email Reports
• Panorama Reports


© 2009 Palo Alto Networks. Proprietary and Confidential

3.0-a


Traffic Logs

• Anything logged from a Policy is viewed in the Traffic Logs
• By default, logs are generated at the end of a session

Threat Logs

• Anything logged from AV, Spyware or Vulnerability Profiles is viewed in the Threat Logs

URL Filtering Log

• Any actions triggered by a URL filtering Profile are recorded in the URL Filtering Log

Data Filtering Log

• Any events triggered by File Blocking or Data Filtering Profiles are recorded in the Data Filtering Log

Log Details

• Details provide more information about the traffic in the log
• Useful data in this view includes:
- Did the traffic undergo NAT?
- Was the traffic SSL decrypted?
- Ingress and egress interfaces
- Was this a captive portal session?
• All Logs have details

Filters

• Can be dynamically built from log data
• Can be built using the filter editor
• Can be saved for later use

Configuration and System Logs

• Configuration logs track who changed what on the device
• System Logs track events that occurred on the system

Built In Reports

• 4 predefined categories of reports
- Applications
- Threats
- URL Filtering
- Traffic
• Each shows a 24 Hour period
• Report can be exported
- PDF
- .csv

User Defined Reports

• 5 Databases to pull from
- Application Summary
- Traffic log and summary
- Threat log and summary
• Can pick columns to include and set their order
• Can build filter conditions of the data displayed

Working With Custom Reports

• Gives most commonly blocked URLs for a user
• By changing the user name filter at run time the report is more flexible

Report Groups

Summary Reports

• PDF Summary reports aggregate multiple reports into one document.
• Select any reports from the built in or custom lists
• Arrange them on the page as needed

Scheduling and Emailing Reports

• Specific report groups can be automatically generated and emailed as needed

Panorama Reporting

• Same range of reporting as individual devices
• Reports show an aggregate of data

[Diagram labels: Panorama, Device A, Device B]

Thank You
