Internet logs, backup and review

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Internet logs, backup and review

L2 Linker

Pardon if this is a repost but I am new and could not find anything similar.

Right now our 3020 unit seems to only be getting 4 or 5 days worth of log information before it fills up.  We would like to have access for the last 30 days if possible.  Is there a way to backup the monitor logs and then be able to search them later if called upon?  Oh, yeah, there is zero budget for this.

I do have an automated daily backup of the running-config.xml via scp cobbled together at the moment.  Not sure if that could be useful.

Thanks,

Todd

4 REPLIES 4

L7 Applicator

The easiest thing that we would recommend you do because there is no budget for a Panorama server to forward the Firewall logs to, would be to get a Syslog server, and setup log forwarding to the Syslog server.. that way you could have more than just 4-5 days of logs.  Not that easy to read the logs or do reporting, but you still have them.

I hope this helps.

LIVEcommunity team member
Stay Secure,
Joe
Don't forget to Like items if a post is helpful to you!

L4 Transporter

I had the same problem as You, please check this Policy with "Log at Session Start" option - how to find it?

or even remove loggin on policies for DNS/or any other "good" traffic.

Hope it could help You

Regards

Slawek

L7 Applicator

I don't know of a way to automate log backup, but you can export them and copy them off the firewall as outlined in the document below.

How to Export Logs

Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center

L3 Networker

Maybe it also helps to keep log usage lower by enabling "log container page only" in the URL Filtering Profile.

You could also try to fetch the logs by using the XML API.

PAN-OS and Panorama XML API Reference Guide 6.0

PAN-OS and Panorama 5.0 XML API Usage Guide

HTH

  • 2905 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!