Panorama "scp export log traffic" Command Only Returns the Log Headers

Created On 09/26/18 19:16 PM - Last Modified 10/03/22 19:38 PM


Symptom


When traffic logs are exported from Panorama with the following CLI command, the exported file contains only the header row and no log entries.

> scp export log traffic end-time equal 2013/11/11@06:55:00 start-time equal 2013/11/10@04:40:00 to username@:/path/file.csv
 


Environment


  • Any Panorama
  • Supported PAN-OS
  • Log export


Cause


  • When traffic logs are exported from Panorama with the CLI export command, "Receive Time" has to be used for "end-time" and "start-time", not "Generate Time".
  • In addition, "end-time" and "start-time" have to be equal to "Receive Time" (not less-than-or-equal or greater-than-or-equal).
  • This is part of the traffic logs, with the "Generate Time" and "Receive Time" columns:

[Screenshot: traffic log entries showing the "Generate Time" and "Receive Time" columns]

 

  • If "Generate Time" is specified as "start-time" and "end-time", the export will be reported as successful but the exported log will be empty:
> scp export log traffic start-time equal 2014/05/16@00:25:40 end-time equal 2014/05/16@00:25:41 to goran@10.193.20.226:/home/goran/kb.csv

goran@10.193.20.226's password:
Marking log as exported successfully...
 

 



Resolution


To export traffic logs properly, "start-time" and "end-time" have to be equal to "Receive Time":

> scp export log traffic start-time equal 2014/05/16@12:19:02 end-time equal 2014/05/16@12:19:02 to goran@10.193.20.226:/home/goran/kb1.csv

goran@10.193.20.226's password:
Marking log as exported successfully...
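
Because the CLI prints "Marking log as exported successfully..." even when the file is empty, the following added example (not Palo Alto Networks code) can be run on the SCP destination host to detect a header-only export, to tell whether a timestamp passed to the CLI matches "Receive Time" or only "Generate Time" in a reference CSV copy of the log view, and to build the Resolution command from a "Receive Time" value. The CSV column names, the timestamp format inside the file, and the sample rows are assumptions constructed for illustration.

```python
import csv
import io
from datetime import datetime

CLI_FMT = "%Y/%m/%d@%H:%M:%S"  # timestamp form used by the CLI commands on this page
CSV_FMT = "%Y/%m/%d %H:%M:%S"  # assumed timestamp form inside the CSV file

# Constructed sample rows; the column names are assumed to match the
# "Receive Time" / "Generate Time" columns named in the article.
SAMPLE = """Receive Time,Generate Time,Source address,Destination address
2014/05/16 12:19:02,2014/05/16 00:25:40,192.0.2.10,198.51.100.5
2014/05/16 12:19:02,2014/05/16 00:25:41,192.0.2.11,198.51.100.6
"""
HEADER_ONLY = "Receive Time,Generate Time,Source address,Destination address\n"


def data_rows(csv_text):
    """Return the data rows of an export; an empty list means header-only."""
    return [r for r in csv.DictReader(io.StringIO(csv_text)) if any(r.values())]


def classify_time(cli_time, reference_csv):
    """Say which column of a reference log view a CLI timestamp matches."""
    wanted = datetime.strptime(cli_time, CLI_FMT)
    hits = set()
    for row in data_rows(reference_csv):
        for col in ("Receive Time", "Generate Time"):
            value = row.get(col)
            if value and datetime.strptime(value, CSV_FMT) == wanted:
                hits.add(col)
    if "Receive Time" in hits:
        return "receive"
    return "generate-only" if hits else "no-match"


def export_command(receive_time, dest):
    """Build the command from the Resolution: both bounds equal Receive Time."""
    t = datetime.strptime(receive_time, CSV_FMT).strftime(CLI_FMT)
    return f"scp export log traffic start-time equal {t} end-time equal {t} to {dest}"
```

A "generate-only" result from classify_time corresponds to the situation described under Cause: the chosen timestamp exists in the logs, but in the wrong column for the export filter.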

 

 

 


