Questions on logs export

Not applicable

Hello,

I am setting up Palo Alto Firewall and want to export logs in CSV format to a UNIX filer daily at a specified time of the day. I have these questions:

  • How do I schedule a log export job so that it exports logs of only that particular day (and not all log history)?
  • What is the default size of the log buffer? If the log buffer gets full before the scheduled export time, I want to export logs before they get overwritten. How to do this?

Also, the CSV files show many columns, many of which are redundant. Where can I modify those columns?

Thanks.

L6 Presenter

Re: Questions on logs export

A workaround might be to use syslog from Palo Alto, which outputs in CSV format by default.

You can also define your own setup in the custom log format, for example if you don't like some columns.

Community Manager

Re: Questions on logs export

Hi!

In the Device tab there is a section called "scheduled log export". This will allow you to set a scheduled daily event where the previous day's logs are exported in CSV format and FTP'd/SCP'd onto a server of your choice.

The only thing you'd need to verify is if your log volume allows you at least a full day's worth of logs. You can quickly check what the last log entry is to make sure there's enough headroom for the daily export to be successful:

> show log traffic

regards

Tom


Help the community: Like helpful comments and mark solutions
Reaper out
L4 Transporter

Re: Questions on logs export

Hi

Are you sure about the ability to SCP logs to a server?

I have 4.1.10 PAN and I see only FTP settings for export.

How to make scp?

regards

SLawek

Not applicable

Re: Questions on logs export

we are running 5.0.2...

Community Manager

Re: Questions on logs export

Hi

The SCP option became available in PAN-OS 5.0; in 4.1 you can only use FTP to transport the daily log export.

regards

Tom

