How to Pull and View Logs Using Automation for Palo Alto Networks Firewalls

Are you looking to automate the log pulling process for your Palo Alto Networks firewalls? indeni is capable of accessing the SSH-only logs and analyzing them. See how.


Notice: This blog post was originally published on Indeni before its acquisition by BlueCat.

The content reflects the expertise and perspectives of the Indeni team at the time of writing. While some references may be outdated, the insights remain valuable. For the latest updates and solutions, explore the rest of our blog.

Key Takeaways
  • Most network monitoring tools provide surface-level visibility and lack deep device data collection required by IT teams.
  • The described solution aims to simplify overall network management rather than only performing event and status monitoring.
  • Palo Alto Networks firewalls expose multiple categorized log types (e.g., traffic, threat, system, URL, wildfire) through standard CLI commands.
  • Some critical Palo Alto log components are accessible only via SSH, making them harder to integrate into traditional monitoring workflows.
  • The tool has been enhanced to access and analyze SSH-only logs from Palo Alto firewalls, enabling automated collection of specific log lines.
  • There is an extensible mechanism to incorporate additional log patterns into the platform based on user requirements.

Many network monitoring tools on the market today are just good at that: monitoring. They fail to go in depth and dig deep into devices to pull the gritty data important to IT teams. We build indeni with those users in mind. Our goal is to simplify network management, not just monitor it. For example:

There are two sets of log “components” in Palo Alto Networks firewalls:

  • The easily accessible logs (for lack of a better name):

    indeni@Peanut(active)> show log
    > alarm          Show alarm logs
    > appstat        Show appstat logs
    > config         Show config logs
    > dailythsum     Show dailythsum logs
    > dailytrsum     Show dailytrsum logs
    > data           Show data logs
    > hipmatch       Show hipmatch logs
    > hourlythsum    Show hourlythsum logs
    > hourlytrsum    Show hourlytrsum logs
    > iptag          Show iptag logs
    > mdm            Show mdm logs
    > system         Show system logs
    > threat         Show threat logs
    > thsum          Show thsum logs
    > traffic        Show traffic logs
    > trsum          Show trsum logs
    > url            Show url logs
    > userid         Show userid logs
    > weeklythsum    Show weeklythsum logs
    > weeklytrsum    Show weeklytrsum logs
    > wildfire       Show wildfire logs

    indeni@Peanut(active)>

A different kind of logs.

indeni is now capable of accessing the SSH-only logs and analyzing those. So, if you have certain log lines you’d like to automatically collect and analyze from these files, please feel free to email us at [email protected] and share your needs. We’ll be sure to include those in our software, in addition to the thousands of other log lines that are already on our list.

