Can I retrieve System Error logs in Panther?

Last updated: August 26, 2025

QUESTION

Can I retrieve logs for system errors in Panther, either through log Search or Data Explorer?

ANSWER

The ability to access system error logs in Panther depends on the type of system error you're looking for:

  • Log Source Authentication/Connection Errors: These can only be viewed through the log source listing and log source details pages. They are not available through Search or Data Explorer.

  • S3 GetObject Errors: Failed S3 objects are stored in the data lake and can be queried in the panther_monitor.data_audit table.

  • Log Classification Failures: Logs that failed to classify are sent to the data lake and can be queried in the classification_failures table in the panther_monitor database.

For more information about different types of system errors, see Panther's System Error documentation.