Exporting logs


L1 Bithead

Hi,

I am trying to export filtered logs from the monitor->traffic tab, but I get nothing:

When I click on the export button there is a little window "Exporting logs, please wait.." that runs for about 10 or 20 minutes. Sometimes it never ends, and sometimes it ends with the link to download the file, but the file is empty ("Zero bit").

PA-3260 version 10.2.4

Could you help?

Thanks


Cyber Elite

@belmar77,

There's a service timeout for the connection that you could be running into that will disrupt the download. You can bypass this timeout by using the scheduled log export functionality, or you can limit the amount of data you are attempting to pull down so that you don't run into the same issue.

Just to validate that this is the problem, try a targeted export filter of a single endpoint, using (receive_time in last-15-minutes). As long as that export works fine, you're just running into the timeout; if that still has issues, please let us know.

L1 Bithead

Hi,

Thanks for your answer. You are talking about the session admin GUI timeout? Because I am still logged in to the GUI and seeing the window with the message "Exporting logs, please wait..".

Yes, I already tried to filter for 1 hour or a single endpoint or user, and it worked fine. As soon as I filter for source NAT IP "( natsrc eq X.X.X.X )" it keeps running and seems to freeze forever, or it stops after a long time with an empty CSV file.

Cyber Elite

@belmar77,

There's actually a timeout on individual sessions to the web interface service, completely separate from the admin session timeout. Last I got a concrete number it was six minutes, but that may have been raised. 

Depending on how much data you're attempting to export, you'll run into the timeout and the session will be closed. In most cases a browser will just never get prompted to download anything, but in some cases you may get the empty file that you have received, depending on when that timeout closes things.

In this instance it sounds like you're looking to export a large amount of data, and you should be using a scheduled log export or using the CLI to export via SCP/FTP instead. Both options will allow you to bypass this timeout and get the data you're after without disruption. 

L1 Bithead

Hi

First of all thanks for your answer and suggestions.

We have currently been running into a bug for six months regarding scheduled log export (see printscreen below). We opened two cases for that, and support first told us to upgrade to version 10.2.4, and apparently the bug is still there. Now they ask us to upgrade to version 11, but there is no preferred version right now on version 11:

https://live.paloaltonetworks.com/t5/customer-resources/support-pan-os-software-release-guidance/ta-...

So we are waiting for a preferred version to upgrade. 

By the way, scheduled log export is a very heavy way to achieve what I want to achieve, as we need to export almost 20 days of logs (each day is about 1Gi compressed) and run a script over all the logs with a specific filter to get what I want.

Regarding your second solution, "CLI export": to my knowledge there is no advanced option to filter except timeframe for source IP? I cannot see any, for example, for NAT source?

You are talking about the issue with the session timeout. Can we adjust this timeout?

belmar77_0-1687937678585.png
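
The offline step described in the last post (running a script over the exported daily logs to keep only the rows for one NAT source IP) could look like the following. This is an added example, not part of the thread or vendor code; the `NAT Source IP` column header, the file names and the function name are assumptions, so set the column name to match the header row of your own export.

```python
import csv
import gzip
import ipaddress
from pathlib import Path

# Assumption: header text of the NAT source column in the exported CSV.
NAT_SRC_COLUMN = "NAT Source IP"


def _open_text(path):
    """Open a plain or gzip-compressed CSV as a text stream (never fully in RAM)."""
    opener = gzip.open if Path(path).suffix == ".gz" else open
    # utf-8-sig drops a leading BOM so the first header name still matches.
    return opener(path, "rt", newline="", encoding="utf-8-sig", errors="replace")


def filter_by_natsrc(paths, nat_ip, out_path, column=NAT_SRC_COLUMN):
    """Copy rows whose NAT source equals nat_ip from each export into out_path.

    Returns (matched_rows, skipped_files). A file without the column is
    reported in skipped_files instead of silently contributing zero rows.
    Assumes all exports share the column layout of the first usable file.
    """
    wanted = ipaddress.ip_address(nat_ip)  # rejects a mistyped filter value
    matched, skipped, header_written = 0, [], False
    with open(out_path, "w", newline="", encoding="utf-8") as out:
        writer = csv.writer(out)
        for path in paths:
            with _open_text(path) as fh:
                reader = csv.reader(fh)
                header = next(reader, None) or []
                names = [h.strip().lower() for h in header]
                if column.lower() not in names:
                    skipped.append(str(path))
                    continue
                idx = names.index(column.lower())
                if not header_written:
                    writer.writerow(header)
                    header_written = True
                for row in reader:
                    if len(row) <= idx:
                        continue  # truncated line, e.g. an interrupted export
                    try:
                        if ipaddress.ip_address(row[idx].strip()) == wanted:
                            writer.writerow(row)
                            matched += 1
                    except ValueError:
                        continue  # no NAT applied or malformed field
    return matched, skipped
```

Pass the daily export files in date order, and check the returned list of skipped files before trusting a low match count.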
