Exporting Firewall Logs into CSV Format Times Out from the WebGUI
Resolution
Issue
If exporting Palo Alto Networks firewall logs (such as, traffic, URL, threat) the system into CSV format times out from the WebUI.
Resolution
Try to export the logs from the CLI and send to another server through SCP or FTP. To increase the number of rows exported into the CSV file, follow the steps in the following document, How to Increase the Max Rows in CSV Export
For example, to export the URL logs that contain the value "paloaltonetworks" from June 1st to July 1st, run the following command on the firewall (this will create a CSV file on the remote host):
> scp export log url query "url contains paloaltonetworks" start-time equal 2014/06/01@00:00:00 end-time equal 2014/07/01@00:00:00 to user@10.0.0.1:/home/url-logs.csv
Syntax
> scp export log {data | threat | traffic | url} end-time equal <value> starttime equal <value> to <value>
{
max-log-count <value> |
passive-mode equal {no | yes} |
query <value> |
remote-port <port_number> |
unexported-only equal {no | yes}
}
Option Functions
- max-log-count — Maximum number of logs to export (0-65535)
- passive-mode — Use FTP passive mode
- query — Query value
- remote-port — FTP port number on remote host (1-65535)
- unexported-only — Filter logs that are not previously exported
- end-time — End date and time YYYY/MM/DD@hh:mm:ss (e.g. 2006/08/01@10:00:00)
- start-time — Start date and time YYYY/MM/DD@hh:mm:ss (e.g. 2006/08/01@10:00:00)
- to — Destination (username:password@host) or (username@host)
owner: pmak