Export traffic log form Panorama via CLI

Reply
L2 Linker

Export traffic log form Panorama via CLI

Hi,

We're using Panorama 5.0.x for collecting traffic log (which store the log at NFS Server), which I would search (or export) some old logs (around a year before).

I get time out via WebGUI, and tried scp but it only return the log headers

scp export log traffic max-log-count 1048576 end-time equal 2013/10/10@04:45:00 start-time equal 2013/10/10@04:30:00 to XXXX@XXXXX:/home/XXXXX/traffic.csv

How can I export it from CLI?

Thanks.


Accepted Solutions
L0 Member

Hi,

You probably used "Generate Time" instead of "Receive Time" OR you did not specify exact time frame (equal has to be exact "Receive Time" on panorama it is not leq or geq). Can you check that?

View solution in original post


All Replies
L0 Member

Hi,

 

You can use following command:

> scp export logdb to <user account>@<IP of SCP server>:<directory path>

 

More information can be found here:

 

CLI Commands to Export/Import Configuration and Log Files

L2 Linker

Hi,

Actually I am not trying to export the logdb, but I want the traffic log for forensic, therefore I would like to get the raw log in csv format. 

L0 Member

Hi,

You probably used "Generate Time" instead of "Receive Time" OR you did not specify exact time frame (equal has to be exact "Receive Time" on panorama it is not leq or geq). Can you check that?

View solution in original post

L2 Linker

Hi gbogojevic,

Yes, you are right, i used "Generate Time" to filter which really takes a long time and time outed finally.

When I use "Receive Time" in my filter, the result come out right a way.

Thank a lot!!!

L0 Member

Hello, 

I am having issue accessing this resource. Can someone please send me a refreshed link? Thanks

Community Team Member

@NisterioHD  and others trying access that link..

The link has been fixed, and here it is:

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClfWCAS

 

Let us know if this link does not work properly.

LIVEcommunity team member
Stay Secure,
Joe
Don't forget to Like items!
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!