About the Traffic Logs Page
To access this page, click Monitor > Traffic Logs.
You can use the Traffic Logs page to view the details of the traffic logs that are generated by managed devices. You can view the traffic logs that are generated in the past 24 hours. These traffic logs are used to debug certain events such as, session create, session delete, and session update and so on. You can view the traffic logs for SD-WAN and Next-Generation firewall deployments.
Tasks You Can Perform
You can perform the following tasks from this page:
View a graphical representation of Traffic logs in a specified time range (Time Range widget).
The x-axis represents the defined time and the y-axis represents number of traffic logs.
Use the slider to decrease or increase the time range within which you want to view the traffic logs. You can also select from pre-defined time ranges such as 5m, 10m, 20m, 30m, 1h, 2h, 4h, 8h, 16h, 24h, or Custom.
If you select Custom, you must specify the dates and times (in MM/DD/YYYY and HH:MM:SS 24-hour or AM/PM formats) from when and up to when you want the traffic logs displayed.
View information related to traffic logs; see Table 1.
View similar traffic logs. Select a traffic log and Click Show exact match to view similar log.
Group the traffic logs based on the options available in the Group by field. For example, you can group the traffic logs based on destination country, destination IP, and so.
Show or hide the columns displayed on the page—Click the Show Hide Columns icon at the top right corner of the page and select the columns that you want displayed in the grid.
View the traffic logs in non tabular format or raw text by clicking the More > Show raw log option.
Create an alert for a specific traffic by clicking the More > Create Alert option.
Create a report for a specific traffic by clicking the More > Create Report option.
Export a traffic log to a comma-separated values (CSV) file by clicking the More >Export to CSV option.
Table 1 provides information related to traffic logs.
Table 1: Columns on the Traffic Logs Page
Log Generated Time
View the time when the traffic log was generated.
Log Received Time
View the time when the traffic log was received by CSO.
View the site name when the traffic log was generated.
View the event name of the traffic log.
View the source country name from where the event originated.
View the source IP address from where the event occurred (IPv4 or IPv6).
View the destination country name from where the event occurred.
View the destination IP address of the event (IPv4 or IPv6).
View the source port of the event.
View the destination port of the event.
View the description of the log.
View the name of the policy for which the traffic log was generated.
View the accessed URL name that triggered the traffic log.
View the event category of the traffic log (For example firewall or apptrack).
View the user name.
View the action taken for the event: warning, allow, and block.
View the hostname in the log.
View the name of the Layer 4 service.
View the name of the Layer 7 application.
View the source zone of the site.
View the destination zone of the site.
View the role names associated with the event.
View the reason for the log generation. For example, unrestricted access.
NAT Source Port
View the source port of traffic after NAT.
NAT Destination Port
View the destination port of traffic after NAT.
NAT Source Rule Name
View the source NAT rule name.
NAT Destination Rule Name
View the destination NAT rule name.
NAT Source IP
View the source IP address after the IP address translation.
NAT Destination ID
View the destination IP address after the IP address translation.
Traffic Session ID
View the Session ID mapped by site to an event.
View the path name of the log.
Logical System Name
View the logical system name.
View the rule name.
View the name of the Web filtering profile that triggered the log.