@msoe
Last active June 22, 2018 05:16
Palo Alto Networks Firewall User-ID Mapping With Syslog Troubleshooting

PAN-OS 8.x

> show user server-monitor state all

        UDP Syslog Listener Service is enabled
        SSL Syslog Listener Service is enabled

Proxy: Cisco ISE SecureSyslog(vsys: vsys1)      Host: Cisco ISE logs(192.168.xxx.xxx)
        number of log messages                            : 1
        number of auth. success messages                  : 0
        number of active connections                      : 1
        total connections made                            : 1

> show user ip-user-mapping all type SYSLOG

IP                                            Vsys   From    User                             IdleTimeout(s) MaxTimeout(s)
--------------------------------------------- ------ ------- -------------------------------- -------------- -------------
192.168.xx.11                                vsys1  SYSLOG  domain\user1                      2539           2539
192.168.xx.12                                vsys1  SYSLOG  domain\user2                      1781           1781
192.168.xx.13                                vsys1  SYSLOG  domain\user3                      846            846
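
An added example (not part of the original gist): a small Python parser for the `show user server-monitor state all` output above that flags a sender whose logs arrive but never produce a mapping. It assumes the counter labels appear exactly as shown above; the sample text is constructed, and the three diagnosis labels and their interpretation are this example's own.

```python
import re

# Constructed sample, modeled on the output shown above (documentation-range address).
SAMPLE = """\
        UDP Syslog Listener Service is enabled
        SSL Syslog Listener Service is enabled

Proxy: Cisco ISE SecureSyslog(vsys: vsys1)      Host: Cisco ISE logs(192.0.2.10)
        number of log messages                            : 1
        number of auth. success messages                  : 0
        number of active connections                      : 1
        total connections made                            : 1
"""

HEADER = re.compile(r"^Proxy:\s*(?P<proxy>.+?)\(vsys:\s*(?P<vsys>[^)]+)\)"
                    r"\s+Host:\s*(?P<host>.+?)\((?P<addr>[^)]*)\)\s*$")
COUNTER = re.compile(r"^\s+(?P<name>[A-Za-z. ]+?)\s*:\s*(?P<value>\d+)\s*$")

def parse_server_monitor(text):
    """Return one dict per syslog sender, with its counters as integers."""
    senders, current = [], None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            current = {**m.groupdict(), "counters": {}}
            senders.append(current)
        elif current is not None and (m := COUNTER.match(line)):
            current["counters"][m["name"]] = int(m["value"])
    return senders

def diagnose(sender):
    """Classify a sender from its counters (this example's interpretation)."""
    c = sender["counters"]
    received = c.get("number of log messages", 0)
    mapped = c.get("number of auth. success messages", 0)
    if received == 0:
        return "no-logs-received"       # check sender config, listener, network path
    if mapped == 0:
        return "received-but-unparsed"  # compare the syslog parse profile with raw logs
    return "mapping"

if __name__ == "__main__":
    for s in parse_server_monitor(SAMPLE):
        print(f'{s["proxy"]} / {s["host"]} ({s["addr"]}): {diagnose(s)}')
```
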

debugging on

> debug user-id on debug

> debug user-id set userid basic

debugging off

> debug user-id on info

> debug user-id unset all

viewing the debug log

> tail follow yes mp-log useridd.log

clearing cache (use wisely!)

> clear user-cache-mp ip <IP-address> //user-cache-mp (Clear management plane user cache)

> clear user-cache ip <IP-address> //user-cache (Clear dataplane user cache)
