06-27-2023 05:11 AM - edited 06-27-2023 05:14 AM
Hi,
I am trying to export filtered logs from the monitor->traffic tab, but I get nothing:
When I click on the export button there is a little window "Exporting logs, please wait.." that is running about 10 or 20 min and some time it never end and some time is ended with the link to download the file, but the file is empty "Zero bit".. ??
PA-3260 version 10.2.4
Could you help
Thanks
06-27-2023 05:53 AM
There's a service timeout for the connection that you could be running into that will disrupt the download. You can bypass this timeout by using the scheduled log export functionality, or you can limit the amount of data you are attempting to pull down so that you don't run into the same issue.
Just to validate that this is the problem, try a targeted export filter of a single endpoint use (receive_time in last-15-minutes). As long as that export works fine you're just running into the timeout, if that still has issues please let us know.
06-27-2023 07:23 AM
Hi,
Thanks for your answer, you are talking about the session admin GUI timeout ? because I am still login to the GUI and seeing the window with the message "Exporting logs, please wait.."..
Yes I already tried to filter for 1 hour or a single endpoint or user, and its worked fine, as soon as I filter for source nat IP "( natsrc eq X.X.X.X )" its running and like freezing for ever... or it stop after longtime and with empty csv file
06-27-2023 08:40 AM
There's actually a timeout on individual sessions to the web interface service, completely separate from the admin session timeout. Last I got a concrete number it was six minutes, but that may have been raised.
Depending on how much data your attempting to export you'll run into the timeout and the session will be closed. In most cases a browser will just never get prompted to download anything, but in some cases you may get the empty file that have received depending on when that timeout closes things.
In this instance it sounds like you're looking to export a large amount of data, and you should be using a scheduled log export or using the CLI to export via SCP/FTP instead. Both options will allow you to bypass this timeout and get the data you're after without disruption.
06-28-2023 12:44 AM
Hi
First of all thanks for your answer and suggestions.
Currently we are running into a bug since six month regarding scheduled log export "see printscreen bleow", we opened two cases for that, and the support told us first to upgrade version 10.2.4 and apparently the bug still there, now they ask us to upgrade version 11 but there is not preferred version right now on version 11:
So we are waiting for a preferred version to upgrade.
By the was scheduled log export is very heavy to achieve what I want to achieve, as we need to export almost 20 days of logs (each day is about 1Gi compressed" run a script to all logs with a specific filter to get what I want.
You second solution "CLI export" in my knowledge there is no advanced option to filter except timeframe for source IP? I cannot see any for example nat source ?
You are talking about the issue with timeout session, can we adjust this timeout ?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
