Delete logs and ACC monitor data

Announcements
Attention: The LIVEcommunity is experiencing an interruption with videos in some areas. We apologize for any inconvenience this may cause. Thank you for your patience as we work towards a solution to restore videos.
Reply
Highlighted
L0 Member

Delete logs and ACC monitor data

After testing out PA we wanted to remove all testing logs and data that was produced during the labbing phase.  What would be the CLI command to delete all the data without having to do a private-data-reset?  Want to keep all the current settings, but remove data from ACC and other logs so we can start fresh.

Tags (4)

Accepted Solutions
Highlighted
L4 Transporter

Re: Delete logs and ACC monitor data

With the clear command you can wipe information from the system. Try the clear log command to clear the information in the ACC and log files.

Marcel

View solution in original post


All Replies
Highlighted
L4 Transporter

Re: Delete logs and ACC monitor data

With the clear command you can wipe information from the system. Try the clear log command to clear the information in the ACC and log files.

Marcel

View solution in original post

Highlighted
Not applicable

Re: Delete logs and ACC monitor data

I found out that on PAN-OS 4 after clearing all logs:

> acc        ACC database

> alarm      Alarm logs

> config     Configuration logs

> hipmatch   Hipmatch database

> system     System logs

> threat     Threat logs

> traffic    Traffic logs

it seems that all logs are removed.... but.... they are not all :smileysad:

When I go to Monitor tab, click on Reports, Select Soures from Traffic Reports, then I see al history, sorted on date. So all IP's including usernames is shown. When you click on it, it shows the ACC, fortunately there is no information shown.

Please fix this, because clearing logs is much faster then performing a Private data reset before taking de NFR to a customer for a PoC.

Highlighted
L4 Transporter

Re: Delete logs and ACC monitor data

Your best bet might be to create a template of a simple config you want to use for rollouts and then do a "request system private-data-reset" (or factory reset).  Then upload your template config.

Clearing the logs does not clear the old reports in the system.  To do that you can use the "delete report ..." command.  I'm not sure if you can use wildcards or if you need to delete each one individually.

Cheers,

Kelly

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!