https://www.ciscolive.com/c/dam/r/ciscolive/emea/docs/2020/pdf/R6BGArNQ/TECSEC-3004.pdf
system support trace
You can use the migration tool to do this
After version 10.1 there is also a "Log Forwarding for Security Services" view in the policy optimizer, under
Policies > Security
Policy Optimizer in the bottom left
You need to have configured logging and your log forwarding profile in advance
Select "None" to find all the rules with no logging policy applied
Click the first rule
Scroll to the bottom
Hold Shift and click the last rule to select all
In the bottom left click "Attach log forwarding profile"
Select your profile "LOG-FWD-PROFILE"
Click OK
Commit
Info found on:
https://live.paloaltonetworks.com/t5/general-topics/log-forwarding-profile-in-all-security-policies/td-p/205426
Get hostname
hostname
Get current user
whoami
Get serial number
wmic bios get serialnumber
Get manufacturer model name
wmic csproduct get name
Print out date/time
echo %DATE% %TIME%
Get OS name and version (takes a few seconds to run)
systeminfo | findstr /B /C:"OS Name" /C:"OS Version"
All IP config details
ipconfig /allcompartments /all
Get all NIC details
wmic nicconfig get description,IPAddress,MACaddress
Display the DNS cache
ipconfig /displaydns
Check hosts file
more %SystemRoot%\System32\Drivers\etc\hosts
Netstat (run as admin)
Get listening/established ports and PIDs
netstat -naob
netstat -naob | findstr LIST
Print routing table
netstat -nr
route print
List sessions with other computers
net session
net session \\pcname /list
Print out machines we can see on the domain
net view
net view \\127.0.0.1
View Netbios over TCP details
nbtstat -S
Show arp table
arp -a
WLAN info
netsh wlan show interfaces
netsh wlan show all
List services
services.msc
tasklist
Show what's inside svchost processes
tasklist /svc
tasklist.exe /FI "PID eq 8988" /svc
sc query
wmic service list config
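Added example, not part of the original notes: a short Python script that joins the netstat and tasklist steps above, so each listening port is shown with the process and the services hosted in it. It assumes English-locale output from netstat -nao (without -b, whose extra lines break the column layout) and tasklist /svc /fo csv; the sample output is constructed and the function names are hypothetical.

```python
import csv, io

# Constructed sample of `netstat -nao` output (English locale, not from a real host).
NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1012
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       8988
  TCP    0.0.0.0:8081           0.0.0.0:0              LISTENING       7777
  TCP    192.168.1.20:49712     203.0.113.7:443        ESTABLISHED     5520
  TCP    [::]:135               [::]:0                 LISTENING       1012
  UDP    0.0.0.0:5353           *:*                                    2204
"""
# Constructed sample of `tasklist /svc /fo csv` output; PID 7777 is deliberately absent.
TASKLIST = '''"Image Name","PID","Services"
"svchost.exe","1012","RpcEptMapper,RpcSs"
"svchost.exe","8988","TermService"
"svchost.exe","2204","Dnscache"
"chrome.exe","5520","N/A"
'''

def parse_netstat(text):
    """Return (proto, local, state, pid) per row; UDP rows have no State column."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if f and f[0] in ("TCP", "UDP"):
            # The PID is always the last field, with or without a State column.
            rows.append((f[0], f[1], f[3] if f[0] == "TCP" else "", int(f[-1])))
    return rows

def parse_tasklist(text):
    """Map PID -> (image name, list of hosted services)."""
    procs = {}
    for row in csv.DictReader(io.StringIO(text)):
        svcs = [s.strip() for s in row["Services"].split(",") if s.strip() != "N/A"]
        procs[int(row["PID"])] = (row["Image Name"], svcs)
    return procs

def listeners(netstat_text, tasklist_text):
    """Return sorted (port, proto, pid, image, services) for listening sockets."""
    procs = parse_tasklist(tasklist_text)
    found = set()  # a set collapses the IPv4 and IPv6 rows of the same listener
    for proto, local, state, pid in parse_netstat(netstat_text):
        if proto == "TCP" and state != "LISTENING":
            continue  # skip established TCP sessions; bound UDP sockets are kept
        image, svcs = procs.get(pid, ("<no matching process>", []))
        found.add((int(local.rsplit(":", 1)[1]), proto, pid, image, tuple(svcs)))
    return sorted(found)

if __name__ == "__main__":
    for port, proto, pid, image, svcs in listeners(NETSTAT, TASKLIST):
        print(f"{proto:<4}{port:<7}{pid:<7}{image:<24}{', '.join(svcs)}")
```

A listener whose PID has no tasklist entry (port 8081 in the sample) is the row to look at first, since the two commands were either run at different times or the process is not visible to tasklist.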
Sysinternals
pslist
pskill
Event logs
eventvwr
wevtutil qe security /f:text | more
Local users
lusrmgr.msc
net users
Startup apps
msconfig
autoruns
Use xcopy to list files changed on or after a specific date (note date format)
xcopy \\servername\sharename$\*.* /S /L /H /D:mm-dd-yyyy | more
Find files bigger than 30MB
for /R c:\ %i in (*) do @if %~zi gtr 30000000 echo %i %~zi
Sysinternals
tcpvcon -a
psloggedon
logonsessions
handle
listdlls
procexp
procmon
sysmon
autoruns
debug software restart log-receiver
debug software restart management-server
This can be done from the web GUI under Monitor > Packet Capture
Set up your filters
Add your stages rx,tx,fw,drop
Switch on filter and packet capture
You can also run tcpdump from the CLI, which is the only option that will show mgmt interface traffic like syslog
https://www.sonicwall.com/support/knowledge-base/configuring-aggressive-mode-site-to-site-vpn-when-a-site-has-dynamic-wan-public-ip-address/170505565649605/