Data Longevity in a Stats Dump File

Created On 09/26/18 13:51 PM - Last Modified 06/06/23 22:00 PM


Symptom


Sometimes after generating the stats dump file (Device > Support > Generate Stats Dump File), the result is an empty file with no data.



Environment


  • NGFW


Cause


When a stats dump file is generated, the firewall by default takes data from the last 7 days. If the unit has been out of the proof of concept (POC) environment for more than 7 days, the dump will be empty.

Resolution


Two options can be leveraged to extract the stats dump file:

  1. Roll the date back manually on the Palo Alto Networks firewall (Device > Setup > Management > General Settings). Then, generate the stats dump file again.
  2. Use SCP to export the file for a specific time/date period.

For example:

> scp export stats-dump start-time equal 2014/06/01@00:00:00 end-time equal 2014/06/10@00:00:00 to <case number>@tacupload.paloaltonetworks.com:silent

show system info...

Generating Application Report...

Generating HTTP Application Report...

Generating Category Report...

Generating Risk Report...

Generating Threat Report...

Generating Source Country Report...

Generating Destination Country Report...

Generating URL Category Report...

Generating Subcategory Report...

Generating Technology Report...

Generating Data Report...

show_system_info.txt

reports/

reports/RiskReport.xml

reports/TechnologyReport.xml

reports/CategoryReport.xml

reports/HTTPApplicationReport.xml

reports/DataReport.xml

reports/ApplicationReport.xml

reports/DestinationCountryReport.xml

reports/SubcategoryReport.xml

reports/error.log

reports/ThreatReport.xml

reports/SourceCountryReport.xml

reports/URLCategoryReport.xm

 

Finished generating reports. Please press enter to continue...

The authenticity of host 'tacupload.paloaltonetworks.com (199.167.52.81)' can't be established.

RSA key fingerprint is d7:5d:70:12:60:6b:cf:99:a5:78:da:69:aa:c3:c5:d2.

Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added 'tacupload.paloaltonetworks.com,199.167.52.81' (RSA) to the list of known hosts.

logdbcsv_20140618_1107.tar.gz           100% 4747      4.KB/s        00:00      

 



Additional Information


Once the report is exported, the Application Visibility and Risk (AVR) Report Tool can be used for analysis.
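Before handing the export to the AVR tool, the archive can be checked for the empty-dump symptom described above. The following is an added example, not Palo Alto Networks code: the function names, the sample archive and the rule for what counts as "empty" (a zero-byte file, malformed XML, or a root element with no children) are assumptions, and the element names in the sample are constructed rather than the real report schema.

```python
import io
import tarfile
import xml.etree.ElementTree as ET


def empty_reports(archive_bytes):
    """Return sorted names of reports/*.xml members that carry no data.

    Assumption: a report is empty when it is zero bytes, is not
    well-formed XML, or its root element has no child elements.
    Members are read in memory only; nothing is extracted to disk.
    """
    empty = []
    with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r:gz") as tar:
        for member in tar.getmembers():
            if not (member.isfile() and member.name.startswith("reports/")
                    and member.name.endswith(".xml")):
                continue  # skips show_system_info.txt, error.log, directories
            data = tar.extractfile(member).read()
            try:
                root = ET.fromstring(data) if data.strip() else None
            except ET.ParseError:
                root = None
            if root is None or len(root) == 0:
                empty.append(member.name)
    return sorted(empty)


def build_sample_archive(reports):
    """Build a constructed stats-dump-like tar.gz in memory (sample data)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, body in reports.items():
            info = tarfile.TarInfo(name)
            info.size = len(body)
            tar.addfile(info, io.BytesIO(body))
    return buf.getvalue()


# Constructed sample: one populated report, one empty root, one zero-byte file.
SAMPLE = build_sample_archive({
    "show_system_info.txt": b"hostname: example-fw\n",
    "reports/ApplicationReport.xml": b"<report><entry><app>dns</app></entry></report>",
    "reports/ThreatReport.xml": b"<report/>",
    "reports/RiskReport.xml": b"",
})

if __name__ == "__main__":
    for name in empty_reports(SAMPLE):
        print("no data:", name)
```

If every report in a real export is flagged, the requested window most likely contains no traffic, and the export should be repeated with start-time and end-time set to the period when the unit was in the POC environment.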

 

owner: kadak


