Questions on logs export


Not applicable

Hello,

I am setting up Palo Alto Firewall and want to export logs in CSV format to a UNIX filer daily at a specified time of the day. I have these questions:

  • How do I schedule a log export job so that it exports logs of only that particular day (and not all log history)?
  • What is the default size of the log buffer? If the log buffer gets full before the scheduled export time, I want to export logs before they get overwritten. How do I do this?

Also, the CSV files show many columns, many of which are redundant. Where can I modify those columns?

Thanks.

1 accepted solution

Accepted Solutions

Cyber Elite

Hi!

In the Device tab there is a section called "Scheduled Log Export". This will allow you to set a scheduled daily event where the previous day's logs are exported in CSV format and FTP'd/SCP'd onto a server of your choice.

The only thing you'd need to verify is whether your log volume allows you at least a full day's worth of logs. You can quickly check what the last log entry is to make sure there's enough headroom for the daily export to be successful:

> show log traffic

regards

Tom

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization
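
As an added example (not part of the original post and not Palo Alto Networks code), here is a receiving-side check for the daily export described above: run on the UNIX server, it keeps only the wanted columns and flags a file that does not cover the whole day, the symptom to look for when the firewall could not hold a full day's worth of logs. The column names, timestamp format, thresholds and sample rows are assumptions constructed for illustration; match them to the header row of your own export.

```python
import csv
import io
from datetime import datetime, timedelta

# Assumptions: header names and timestamp format; match them to your own export.
TIME_COL = "Receive Time"
KEEP = ["Receive Time", "Source address", "Destination address", "Application", "Action"]
TIME_FMT = "%Y/%m/%d %H:%M:%S"

# Constructed sample export (not real firewall output).
SAMPLE = """Receive Time,Serial #,Type,Source address,Destination address,Application,Action
2013/02/28 23:59:58,0001,TRAFFIC,10.0.0.5,192.0.2.10,dns,allow
2013/03/01 09:12:44,0001,TRAFFIC,10.0.0.5,192.0.2.10,ssl,allow
2013/03/01 09:50:10,0001,TRAFFIC,10.0.0.7,198.51.100.4,web-browsing,deny
2013/03/01 10:30:00,0001,TRAFFIC,10.0.0.5,192.0.2.10,ssl,allow
2013/03/01 23:45:01,0001,TRAFFIC,10.0.0.9,198.51.100.4,ssh,allow
"""

def trim_and_check(csv_text, day, edge=timedelta(minutes=30), max_gap=timedelta(hours=1)):
    """Keep only KEEP columns for `day` (YYYY/MM/DD) and report coverage problems."""
    start = datetime.strptime(day, "%Y/%m/%d")
    end = start + timedelta(days=1)
    rows, times = [], []
    for rec in csv.DictReader(io.StringIO(csv_text)):
        ts = datetime.strptime(rec[TIME_COL], TIME_FMT)
        if start <= ts < end:              # drop entries from other days
            rows.append({k: rec[k] for k in KEEP})
            times.append(ts)
    if not times:
        return rows, ["no entries for " + day]
    times.sort()
    problems = []
    if times[0] - start > edge:            # oldest entry starts late: early logs missing
        problems.append("start of day missing, oldest entry %s" % times[0])
    if end - times[-1] > edge:             # newest entry ends early
        problems.append("end of day missing, newest entry %s" % times[-1])
    for a, b in zip(times, times[1:]):     # silent stretch inside the day
        if b - a > max_gap:
            problems.append("gap from %s to %s" % (a, b))
    return rows, problems

if __name__ == "__main__":
    rows, problems = trim_and_check(SAMPLE, "2013/03/01")
    print(len(rows), "rows kept")
    for p in problems:
        print("WARNING:", p)
```

On a quiet network a long gap can be legitimate, so tune `edge` and `max_gap` to your normal traffic before alerting on them.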


5 REPLIES 5

L6 Presenter

A workaround might be to use syslog from Palo Alto, which outputs in CSV format by default.

You can also define your own setup in the custom log format, for example if you don't like some columns.

L4 Transporter

Hi

Are you sure about the ability to SCP logs to a server?

I have 4.1.10 PAN and I see only FTP settings for export.

How do I use SCP?

regards

SLawek

We are running 5.0.2...

Hi

The scp option became available in PAN-OS 5.0; in 4.1 you can only use ftp to transport the daily log export.

regards

Tom

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization