This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Log exporting is failing. :(

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Log exporting is failing. :(

Rboehme
L2 Linker

‎09-15-2015 06:27 AM

Have export of traffic /threat/url etc set up on log export
All setup to use SCP.
Target linux server is setup correctly.
Test SCP server connection works correctly (see attach word doc)
Job fails with an error in system log :

Failed exporting data log via ssh (last-calendar-day) to 192.168.252.61. Permission denied, please try again..' )

Also tested everything is OK by running export from command line , this works , see log below:


****@sd061(active)> scp export log traffic to data-paloalto-prd@192.168.252.61:/home/data-paloalto-prd/sd060logs/sd060-20150914x start-time equal 2015/09/11@00:00:00 end-time equal 2015/09/14@10:09:00
(container-tag: export container-tag: log container-tag: traffic leaf-tag: to value: data-paloalto-prd@192.168.252.61:/home/data-paloalto-prd/sd060logs/sd060-20150914x container-tag: start-time leaf-tag: equal value: 2015/09/11@00:00:00 pop-tag: container-tag: end-time leaf-tag: equal value: 2015/09/14@10:09:00 pop-tag: pop-tag: pop-tag: pop-tag:)
((eol-matched: . #t) (cli-handler: . scp-handler) (context-inserted-at-end-p: . #f))
/usr/local/bin/pan_logquery  -L 3600 -b -t traffic -t1 1441926000 -t2 1442221740 2> /dev/null | /usr/bin/ssh 'data-paloalto-prd@192.168.252.61' ' cat > /home/data-paloalto-prd/sd060logs/sd060-20150914x '
data-paloalto-prd@192.168.252.61's password:
Marking log as exported successfully...
/usr/local/bin/pan_slog -t 1 -s 1 -o 'Succeed to export traffic log (2015/09/11@00:00:00 - 2015/09/14@10:09:00)'
/usr/local/bin/pan_logquery  -L 3600 -b -t traffic -t1 1441926000 -t2 1442221740 -m  1> /dev/null
'cfg.reportd.enable': NO_MATCHES
2015-09-14 10:41:26.518 +0100 Error:  pan_logdb_update_file_construct(pan_logdb.c:474): update file: /opt/panlogs/logdb/traffic/1/20150914/pan.0000000000.log.actionflags.updatefile exists but of wrong size: 800891 expected size: 809485
/usr/local/bin/pan_slog -t 1 -s 1 -o 'Succeed to mark traffic log as exported'

 

May you please help?

1 person had this problem.
0 Likes Likes
4 REPLIES 4

rmonvon
L6 Presenter

‎09-15-2015 12:19 PM

Hi...Please contact Support so that we can troubleshoot the SCP issue that you are experiencing.  Thanks.

0 Likes Likes

echahine
L2 Linker

‎01-26-2022 03:22 AM

Hello,

I know this is a very old thread, but did anyone get around to fix the permission issue?

I am trying to run a manual scp export config-bundle from the CLI but it is also giving Permission Denied although I am issuing this command as a superuser.

Any thoughts?

Nikki_Moss
L0 Member
In response to echahine

‎11-14-2022 12:00 PM

Did you get this?

0 Likes Likes

bchaborek
L0 Member

‎12-18-2024 07:29 AM

Hello,

 

I just had the same/similar issue and came across this thread, this was the solution for me:

Environment: Panorama managed Highly Available NGFWs. Scheduled Config Export via SCP working from Panorama, Scheduled Log Export not working from managed NGFWs.

Error: 'Failed exporting traffic log via ssh (last-calendar-day) to <target>

 

From the firewall CLI a manual SCP works fine:

 

scp export log traffic to <user>@<target>:/home/logman/palogs/<firewall>-20241218x start-time equal 2024/12/18@07:00:00 end-time equal 2024/09/18@09:00:00
<user>@<target>'s password: <password>
Marking log as exported successfully...

Solution:

From TechNote: https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-web-interface-help/device/device-scheduled-log-...

"If you use a Panorama template to configure the log export schedule, you must perform this step after committing the template configuration to the firewalls. After the template commit, log in to each firewall, open the log export schedule, and click Test SCP server connection."

 

I logged on to each individual firewall which had received the configuration from Panorama and executed the Test SCP server connection, which sure enough I had to accept the RSA key of the target ssh server (note: I had already accepted the RSA key using the CLI of each firewall, I didn't realize I also had to do this on the webgui.)

My SSH logs are now exporting properly again. Note that if you have HA firewalls, you will need to do the webgui RSA acceptance on each individual device.

 

Accept RSA Key on Each Firewall DeviceAccept RSA Key on Each Firewall Device

 

 

0 Likes Likes
  • 4377 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks