How to export all logs ( eg 5 moths detailed) to CSV or any other format?
From monitor -> logs -> traffic i tried to export to CSV but it showing only for one day, is there any way to export all logs?
In monitor -> Reports it showing logs from From 4th Feb 2013 to till date, bur when i tried to export to CSV from logs -> traffic it is showing only one day logs.
I can't help you, but I have related question.
How to export system log? It's impossible using Scheduled log export. Isthere any other way to export it CSV or any other format?
You can export the system logs from the Monitor tab. You should see an icon in the upper right-hand corner that looks like the Excel icon. Clicking this will allow you to export the logs to a CSV file.
You should be able to export your logs using the following CLI command:
scp export log traffic
The above command will work with tftp as well and has options (use ? after 'scp export log traffic') for the start time and end times to export. It is important to note that you may not have 5 months of logs on the device, depending on available storage and your logging configuration.
No problem! The 'scp export log traffic' is a CLI command, so you could use something like an expect script to schedule downloads. You could also use the XML API to fetch a maximum of 5000 logs (using /api/?type=log&log-type=traffic&nlogs=).
Craig, are You sure that in traffic logs are data from system log?
admin@PA> scp export log
> data data
> threat threat
> traffic traffic
> url url
> wildfire wildfire
^^^^ this is the same like from GUI.
Palo alto can export only 65535 lines by default in csv format.
You can modify this under Device->Setup->Management->'Logging and reporting settings'->Max Rows in CSV format.
You can specify up to 2Million as my knowledge.
Hyadavalli you're right but for me if you specify 2Million, for me it will be not take in concideration (in the past it make sense because there were a limit of 65000 line per Excel docuement)
But what you can do is export the first 65000 line, then change the date in your palo then export again ..
Not the lceanest way to do but it works :-)
After that keep in mind to configure fowarding profile per rule :-) - If you are end user, ask your reseller, there is easy way to do that through migration tool.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!