I have a ruby program that retrieves logs from Panorama using the API.
You start with:
response = pa.api_request( :post, 'api/', {'type' => 'log', "log-type" => "threat" ,"query" => "..." })this returns a jobid which you then use in a subsequent call to retrieve logs:
pa.api_request( :post, 'api/', {type: 'log', action: 'get', 'job-id': pa.job_id })which returns:
{"response"=> {"status"=>"success","result"=> {"job"=> {"tenq"=>"13:03:30","tdeq"=>"13:03:30","tlast"=>"12:00:00","status"=>"FIN","id"=>"9315","cached_logs"=>"220"},"log"=> {"logs"=> {"count"=>"20","progress"=>"100",...One can retrieve only up to 5000 logs at a time. I presume that one can iterate this some how to get large numbers of log records using the information in the job section but I cannot figure out how.
