How to Pull and View Logs Using Automation for Palo Alto Networks Firewalls

Are you looking to automate your log pulling process for your Palo Alto Firewalls? indeni is capable of accessing the SSH-only logs and analyzing them. See how.


Notice: This blog post was originally published on Indeni before its acquisition by BlueCat.

The content reflects the expertise and perspectives of the Indeni team at the time of writing. While some references may be outdated, the insights remain valuable. For the latest updates and solutions, explore the rest of our blog.

Key takeaways

This key takeaway was generated through LLMs crawling the page and coming up with an overview of the content.

The article explains that many network monitoring tools only provide surface-level visibility, while indeni is designed to dig deeper into devices to retrieve detailed, hard-to-access data. It highlights indeni's capability to access and analyze both the easily accessible Palo Alto Networks firewall logs and the SSH-only logs that other tools often miss, enabling richer automated collection and analysis. Operationally, this deeper log access allows IT teams to gather gritty, actionable insights from firewall logs that improve network management and troubleshooting outcomes.

What problem does indeni aim to solve compared to other network monitoring tools?

indeni addresses the limitation of many network monitoring tools that are primarily focused on monitoring and do not dig deep into devices to extract detailed data. The article states indeni is built for users who need more than basic monitoring; it simplifies network management by pulling gritty, hard-to-access information from devices, including SSH-only logs on Palo Alto Networks firewalls. This deeper visibility provides IT teams with the detailed log lines and context necessary for more effective troubleshooting and operational decision-making.

Which types of Palo Alto Networks firewall logs does indeni already access and analyze?

The article lists a set of easily accessible Palo Alto Networks firewall log components that indeni can work with, such as alarm, appstat, config, dailythsum, dailytrsum, data, hipmatch, hourlythsum, hourlytrsum, iptag, mdm, system, threat, thsum, traffic, trsum, url, userid, weeklythsum, weeklytrsum, and wildfire logs. Additionally, indeni is capable of accessing SSH-only logs and analyzing those, extending its reach beyond the normally accessible log files to provide broader and deeper log analysis.

How can users request support for specific log lines to be included in indeni's analysis?

Users who have particular log lines they want indeni to automatically collect and analyze are invited to email their needs to [email protected]. The article indicates that indeni will include requested log lines in their software in addition to the thousands of other log lines already supported. This process allows customers to influence feature and log coverage expansion based on their operational requirements.

Many network monitoring tools on the market today are just good at that: monitoring. They fail to go in depth and dig deep into devices to pull the gritty data important to IT teams. We build indeni with those users in mind. Our goal is to simplify network management, not just monitor it. For example:

There are two sets of log “components” in Palo Alto Networks firewalls:

  • The easily accessible logs (for lack of better name):

      indeni@Peanut(active)> show log
      > alarm         Show alarm logs
      > appstat       Show appstat logs
      > config        Show config logs
      > dailythsum    Show dailythsum logs
      > dailytrsum    Show dailytrsum logs
      > data          Show data logs
      > hipmatch      Show hipmatch logs
      > hourlythsum   Show hourlythsum logs
      > hourlytrsum   Show hourlytrsum logs
      > iptag         Show iptag logs
      > mdm           Show mdm logs
      > system        Show system logs
      > threat        Show threat logs
      > thsum         Show thsum logs
      > traffic       Show traffic logs
      > trsum         Show trsum logs
      > url           Show url logs
      > userid        Show userid logs
      > weeklythsum   Show weeklythsum logs
      > weeklytrsum   Show weeklytrsum logs
      > wildfire      Show wildfire logs

      indeni@Peanut(active)>

  • A different kind of logs.

indeni is now capable of accessing the SSH-only logs and analyzing those. So, if you have certain log lines you’d like to automatically collect and analyze from these files, please feel free to email us at [email protected] and share your needs. We’ll be sure to include those in our software, in addition to the thousands of other log lines that are already on our list.

