Paloaltologapi – Get logs through the Palo Alto XML API


This tool helps you create Palo Alto logs automatically and use the Palo Alto XML API.

Last Update 2018.02.21



Code-signed as “Open Source Developer, JuSeong Han”. Check it!


This tool can help you create External Dynamic Lists by collecting firewall logs in a file in real time.

Up to 5000 logs can be collected at one time.

The query syntax is the same as in the firewall's Monitor tab.

Use the settings file (paloaltologapi.ini) and configure it for your environment.

Key= <-- Palo Alto XML API key
Path=c:\inetpub\wwwroot\attackip.txt <-- path of the output file
Type=traffic <-- Palo Alto log type
Query=!(action eq allow ) and (( port.dst eq 23 ) or(port.dst eq 1433 ) or (port.dst eq 3389 ) or(port.dst eq 135 )) <-- Palo Alto query
Firewall= <-- firewall domain address
Object=src <-- result object
Interval=30 <-- request interval (minutes)
Delete=10 <-- interval for deleting the collected file at Path (days)
Duplicated=true <-- with "true" a duplicate IP is not added; with "false" it is added to the file
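
The collection step these settings describe, sketched in Python as an added example (not the tool's own code). The request parameters are those of the PAN-OS XML API log query; the response is a constructed sample and the function names are hypothetical.

```python
import ipaddress
import xml.etree.ElementTree as ET
from urllib.parse import urlencode

# Constructed sample of a finished log job result (not real firewall data);
# the addresses come from the documentation ranges.
SAMPLE_RESPONSE = """<response status="success"><result><log>
<logs count="4" progress="100">
<entry><src>203.0.113.7</src><dport>3389</dport><action>deny</action></entry>
<entry><src>198.51.100.23</src><dport>23</dport><action>deny</action></entry>
<entry><src>203.0.113.7</src><dport>1433</dport><action>deny</action></entry>
<entry><src>not-an-ip</src><dport>135</dport><action>deny</action></entry>
</logs></log></result></response>"""

def build_log_request(firewall, key, log_type, query, nlogs=5000):
    """Build the log query URL from the Firewall, Key, Type and Query settings."""
    params = {"type": "log", "log-type": log_type, "query": query,
              "nlogs": min(nlogs, 5000), "key": key}  # 5000 logs per request at most
    return f"https://{firewall}/api/?{urlencode(params)}"

def extract_objects(xml_text, obj="src"):
    """Return the <obj> field of every log entry, keeping only valid IP addresses."""
    root = ET.fromstring(xml_text)
    if root.get("status") != "success":
        raise ValueError("firewall returned an error response")
    values = []
    for entry in root.iter("entry"):
        value = (entry.findtext(obj) or "").strip()
        try:
            values.append(str(ipaddress.ip_address(value)))
        except ValueError:
            continue  # a malformed value must never reach the block list
    return values

def merge_into_list(existing, new_ips, skip_duplicates=True):
    """Append new addresses to the list file contents (Duplicated=true skips repeats)."""
    merged, seen = list(existing), set(existing)
    for ip in new_ips:
        if skip_duplicates and ip in seen:
            continue
        merged.append(ip)
        seen.add(ip)
    return merged
```

The merged list is what would be written to Path, one address per line, which is the format an External Dynamic List of IP addresses expects.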

Check out the video above and it’ll help.

Update notice

2018.02.21 – Performance update and file delete fix.

2017.11.13 – Raised the query input limit from 255 to 1024 characters.

2017.02.27 – Fixed a query error; added an option for the path file deletion interval.

2017.01.04 – Option change: -dbip no longer has to be defined. You can monitor on a port basis.

Usage option

Install as a service.

Uninstall the service.
