Header Ads

Recently post

Home / paloalto / PaloAlto CLI command for troubleshooting

PaloAlto CLI command for troubleshooting

September 12, 2022

 General Command----

show system info  =    //shows the uptime, serial number, ...

show system environmentals  =  //e.g. power supply failures

show ntp  = //time server

show session info  = //packet rate, number of sessions, fastpath active, etc.

show session id <id> = //session id

show interface { all | <interface-name> } =//all interface

show routing route     = //routing table (all routes)

show routing fib   = //forwarding table (only used routes)

show routing protocol <protocol>  =// check routing protocol

show arp { all | <interface-name> } = // ARP 

show neighbor interface { all | <interface-name> }  = //IPv6 neighbor cache

show mac all    = //only with layer 2 interfaces

show jobs all =// check all running process

show jobs id <id> =//

show running resource-monitor  =  //resource statistics

show system resource follow  //="top", CPU usage and processes

show system disk-space     =   //"df -h" check harddisk space

debug software restart <service>  =  //Restart a certain process

request restart system   = //Reboot the whole device


FW Session--


show system statistics application

show system statistics session


Routing debug--


debug routing pcap <routing-protocol> on

debug routing pcap show

debug routing pcap <routing-protocol> view

debug routing pcap <routing-protocol> off

debug routing pcap <routing-protocol> delete



MGMT logs---


less mp-log ?

less mp-log dnsproxyd.log

tail follow yes mp-log dhcpd.log

tail follow yes mp-log routed.log



View the traffic from the management port at least two console connections are needed. The first one executes the tcpdump command (with “snaplen 0” for capturing the whole packet, and a filter, if desired),

tcpdump snaplen 0 filter "port 53"

while the second console follows the live capture:

view-pcap follow yes mgmt-pcap mgmt.pcap

Test traffic can be generated with a third console session, e.g.:

Ping host webernetz.net

Later on, the pcap file can be moved to another computer with the following command:

scp export mgmt-pcap from mgmt.pcap to <username@host:path>

Alternatively, tftp can be used:

tftp export mgmt-pcap from mgmt.pcap to <host>




No comments

Subscribe to: Post Comments ( Atom )