Difference between revisions of "GlobalProtect logs"
Jump to navigation
Jump to search
(9 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
[[show log system]] [[direction equal backward]] | [[match globalp]] | [[show log system]] [[direction equal backward]] | [[match globalp]] | ||
+ | |||
+ | |||
+ | Client | ||
+ | * [[SystemInfo.txt]] | ||
+ | * [[NetStat.txt]] | ||
+ | * [[PanGPS.log]] | ||
+ | * [[system.log]] | ||
== GlobalProtect server logs == | == GlobalProtect server logs == | ||
− | 2017/07/17 12:21:00 [[info]] globalp Global globalp 0 GlobalProtect portal user authentication failed. Login from: xx.xx.xx.xx [[Source region]]: IN, User name: USERNAME, Client OS version: Microsoft Windows 10 Pro , 64-bit, Reason: '''Authentication failed: Invalid username or password''', Auth type: profile. | + | 2017/07/17 12:21:00 [[info]] globalp Global globalp 0 [[GlobalProtect portal]] user authentication failed. Login from: xx.xx.xx.xx [[Source region]]: IN, User name: USERNAME, Client OS version: Microsoft Windows 10 Pro , 64-bit, Reason: '''[[Authentication failed]]: Invalid username or password''', Auth type: profile. |
2017/05/06 15:11:22 [[info]] globalp Global globalp 0 [[GlobalProtect]] gateway client '''switch to [[SSL]] tunnel mode succeeded'''. User name: NAME Private IP: 10.10.10.10 | 2017/05/06 15:11:22 [[info]] globalp Global globalp 0 [[GlobalProtect]] gateway client '''switch to [[SSL]] tunnel mode succeeded'''. User name: NAME Private IP: 10.10.10.10 | ||
Line 14: | Line 21: | ||
2017/05/06 18:16:43 info globalp Global globalp 0 '''GlobalProtect portal client configuration failed'''. Login from: 156.20.23.xxx, Source region: XX, User name: USERNAME,, Client OS version: Apple [[Mac OS X 10.15.4]], Machine Certificate CN : (null), Host ID: xx:xx:e7:50:a1:xx, Serial No : XVFYT0LLM6XX | 2017/05/06 18:16:43 info globalp Global globalp 0 '''GlobalProtect portal client configuration failed'''. Login from: 156.20.23.xxx, Source region: XX, User name: USERNAME,, Client OS version: Apple [[Mac OS X 10.15.4]], Machine Certificate CN : (null), Host ID: xx:xx:e7:50:a1:xx, Serial No : XVFYT0LLM6XX | ||
− | |||
− | |||
== Errors connecting to [[LDAP]] == | == Errors connecting to [[LDAP]] == | ||
Line 52: | Line 57: | ||
== Related commands == | == Related commands == | ||
− | * [[match]] | + | * <code>[[match]]</code> |
− | * [[show log system]] direction equal backward severity greater-than-or-equal [[low]] | + | * <code>[[show log system]]</code> direction equal backward severity greater-than-or-equal [[low]] |
− | * [[show log system]] receive_time in <last-15-minutes|last-6-hrs> | + | * <code>[[show log system]]</code> receive_time in <last-15-minutes|last-6-hrs> |
− | * <code>[[show log system severity | + | * <code>[[show log system severity greater-than-or-equal medium]] direction equal backward</code> |
− | * [[less mp-log authd.log]] | + | * <code>[[less mp-log authd.log]]</code> |
* <code>[[show global-protect-gateway current-user]]</code> | * <code>[[show global-protect-gateway current-user]]</code> | ||
Latest revision as of 12:36, 9 May 2021
show log system direction equal backward | match globalp
Client
Contents
GlobalProtect server logs[edit]
2017/07/17 12:21:00 info globalp Global globalp 0 GlobalProtect portal user authentication failed. Login from: xx.xx.xx.xx Source region: IN, User name: USERNAME, Client OS version: Microsoft Windows 10 Pro , 64-bit, Reason: Authentication failed: Invalid username or password, Auth type: profile.
2017/05/06 15:11:22 info globalp Global globalp 0 GlobalProtect gateway client switch to SSL tunnel mode succeeded. User name: NAME Private IP: 10.10.10.10
2018/05/06 15:22:55 info auth Authen auth-su 0 authenticated for user '[email protected]'. auth profile 'Authentication-Seq', vsys 'vsys1', server profile 'My_Radius_server', server address '10.10.10.43', auth protocol 'PAP', From: 12.14.17.23.
2017/05/06 18:18:47 info globalp Global globalp 0 GlobalProtect gateway user logout succeeded. User name: USERNAME, Client OS version: Apple iOS 13.3.1, Reason: user session expired'.
2017/05/06 18:08:50 info globalp Global globalp 0 GlobalProtect portal client configuration generated. Login from: 156.20.23.xxx, Source region: XX, User name: USERNAME, Client OS version: Apple Mac OS X 10.15.4, Config name: you_GP_Portal_Agent, Client OS: Mac, Machine Certificate CN : , Host ID: xx:xx:e7:50:a1:xx, Serial No : XVFYT0LLM6XX
2017/05/06 18:16:43 info globalp Global globalp 0 GlobalProtect portal client configuration failed. Login from: 156.20.23.xxx, Source region: XX, User name: USERNAME,, Client OS version: Apple Mac OS X 10.15.4, Machine Certificate CN : (null), Host ID: xx:xx:e7:50:a1:xx, Serial No : XVFYT0LLM6XX
Errors connecting to LDAP[edit]
2019/03/06 10:54:21 medium userid 10.10. connect 0 ldap cfg XX_XX_XXXXX failed to connect to server 10.10.XXX.XX:389: Error: Failed to connect to 10.10.XXX.XX(10.10.XXX.XX):389Error: Failed to connect to 10.10.XXX.xx(10.10.xxx.xx):389
2020/09/06 16:00:14 info globalp Global globalp 0 GlobalProtect gateway user logout succeeded. User name: USERNAME, Client OS version: Microsoft Windows 10 Pro , 64-bit, Reason: remove previous login.
2020/09/06 16:29:28 info globalp Global globalp 0 GlobalProtect gateway user login failed. Login from: xx.xx.xx.xxx, Source region: XX, User name: USERNAME Client OS version: Microsoft Windows 10 Pro , 64-bit, error: Existing user session found.
GlobalProtect client[edit]
PanGPS.log P 753-T42899 Jun 08 14:32:54:905939 Debug(2622): gateway xxx.domain.com's config is
(T5256) 09/02/20 10:55:32:473 Info (1332): User USERNAME logs in on session 1 (T5256) 09/02/20 10:58:39:268 Info (1342): User USERNAME logs off on session 1
(T5612) 08/29/20 15:12:21:478 Info (1377): lock off session 2
(T22900) 09/06/20 17:01:09:784 Debug( 606): Tunnel downtime (437016 milliseconds) exceeds retry grace period (300 seconds).
(T5256) 09/02/20 10:55:32:473 Info (1332): User USERNAME logs in on session 2
(T6280) 09/06/20 13:06:39:432 Debug(1285): Logging out gateway, reason is User logs off
(T8524) 09/02/20 10:39:21:327 Debug( 556): Failed to connect to xx.xx.xx.xx on 443 with return value -1 and socket error 0(0)
(T30824) 09/02/20 10:36:40:502 Debug( 142): CheckPanGpAgentThread: PanGPA process 28596 exits, ret is 00000000. (T30824) 09/02/20 10:36:40:502 Debug( 150): GlobalProtect agent terminates unexpectedly. Skip StopThreads().
(T13476) 09/07/20 09:25:50:358 Debug(1216): ===> response sent to GPI = <response><type>status</type><state>Restoring VPN Connection</state><error>Gateway YOUR_DOMAIN.COM: Checking network availability and restoring VPN connection when network is available.</error><disabled>no</disabled></response>
Related commands[edit]
match
show log system
direction equal backward severity greater-than-or-equal lowshow log system
receive_time in <last-15-minutes|last-6-hrs>show log system severity greater-than-or-equal medium direction equal backward
less mp-log authd.log
show global-protect-gateway current-user
See also[edit]
show (PAN-OS), show log (system|config|alarm)
,show system info
,show system state
,show system resources
,show system resource follow
- GlobalProtect, GlobalProtect logs, GlobalProtect client, HIP,
show global-protect-gateway
[current-user | statistics | flow ]
- PAN-OS (Palo Alto): PAN-OS Releases,
show vpn
, GlobalProtect, GlobalProtect logs, WildFire,show log
,show session all
, MDM,match
, PAN-OS reports, HIP, Zone
Advertising: