paloaltonetworks:logs:syslog:globalprotect

Differences

This shows you the differences between two versions of the page.

paloaltonetworks:logs:syslog:globalprotect [2020/09/15 16:01] – [Low] bstafford
paloaltonetworks:logs:syslog:globalprotect [2023/02/03 11:27] (current) bstafford
Line 1: Line 1:
 ====== GlobalProtect System Logs (< PAN-OS 9.1) ====== ====== GlobalProtect System Logs (< PAN-OS 9.1) ======
 +===== GP Login/Logout =====
 +<code>(( eventid eq gateway-connected ) or ( eventid eq gateway-logout ))</code>
 +<code>(( eventid eq gateway-connected ) or ( eventid eq gateway-logout )) and ( machinename eq GB1LT11111 ) and ( user.src eq jbloggs )</code>
 ===== List GP Disconnect Reasons ===== ===== List GP Disconnect Reasons =====
 Remember, if you are looking for the reasons people gave for disconnecting from GlobalProtect, use: Remember, if you are looking for the reasons people gave for disconnecting from GlobalProtect, use:
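Review bot: The two filters added under "GP Login/Logout" have no introductory sentence, unlike the "List GP Disconnect Reasons" section that follows, so a reader cannot tell which log view they are meant for or how the second differs from the first. Add one line before each block saying where the filter is entered, and note that the second narrows the first to a single machine and user, with `GB1LT11111` and `jbloggs` as placeholder values to replace. Since the page title is scoped to "< PAN-OS 9.1", it is also worth stating which PAN-OS versions these `eventid` filters apply to.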
Line 5: Line 8:
 The following example has 'asdfg' as the comment. The following example has 'asdfg' as the comment.
 <code>( object eq name-of-gateway ) and ( description contains 'GlobalProtect gateway agent message. Login from: 1.2.3.4, User name: jbloggs, Time: Sat Sep 05 15:35:29 2019., Message: Agent Disable, Comment: asdfg. Override(s)=36.' )</code> <code>( object eq name-of-gateway ) and ( description contains 'GlobalProtect gateway agent message. Login from: 1.2.3.4, User name: jbloggs, Time: Sat Sep 05 15:35:29 2019., Message: Agent Disable, Comment: asdfg. Override(s)=36.' )</code>
 +
 +In PAN-OS 9.1 and higher, use the following filter in the GlobalProtect log
 +<code>( stage eq agent-msg ) and ( eventid eq gateway-agent-msg ) and ( opaque contains 'Comment' )</code>
 ==== List GP Login/Logout Time ===== ==== List GP Login/Logout Time =====
 To get a list of the login/logout times of a specific user on a specific day (not including internal gateway connections), use the following. To get a list of the login/logout times of a specific user on a specific day (not including internal gateway connections), use the following.
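Review bot: The added sentence "In PAN-OS 9.1 and higher, use the following filter in the GlobalProtect log" sits on a page whose title is "GlobalProtect System Logs (< PAN-OS 9.1)", so the 9.1+ guidance contradicts the page scope. Either retitle the page or move the new filter under its own heading for 9.1 and later, and end the sentence with a colon as the "use:" line above does. The filter `( opaque contains 'Comment' )` also deserves a short note on what the `opaque` field holds, because the older filter matched on `description` and the change of field is not explained. Separately, the context heading "==== List GP Login/Logout Time =====" has four equals signs on the left and five on the right and should be balanced.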
paloaltonetworks/logs/syslog/globalprotect.1600185661.txt.gz · Last modified: (external edit)