07-09-2014 06:32 AM
Hi,
I have a PA-500 which is running PAN-OS 5.0.9 and a Panorama server running PAN-OS 5.1. The Panorama is new and I would like to get all the historic traffic logs from the 500 to the Panorama. I have used scp export logdb user@server:logdb to export the logdb off the 500. To begin with the ssh sessions were timing out before the file had finished so I set keep alives to try to get round this issue.
The export ran for about two days and it had appeared to finish. When I try to import the log it gets as far as ./hipmatch/.scheme.500.hipmatch.4.0.5 and stops (see screen shot).
All that happens after this is that the traffic log on the Panorama is empty and it won't accept any new logs from the 500. It's almost like the logdb is corrupt. The exported file was only about 26GB and the settings on the 500 say the logs are set to be 118GB.
It seems as if the log export is very slow; it only hits about 5mbps at its peak, and it's connected to gigabit infrastructure.
Has anyone else had a similar issue or know another way to get the logs into the Panorama?
Thanks,
Gareth
07-09-2014 08:00 AM
Hi Hulk,
Thanks for the suggestion, however there doesn't seem to be a corresponding import command for the Panorama.
Gareth
07-09-2014 08:25 AM
Hello Gareth,
The SCP option only works for Linux/Unix servers. Are you trying to export from the PAN firewall directly to Panorama (5.1.x)?
Related article: CLI Commands to Export/Import Configuration and Log Files
Thanks
07-09-2014 08:41 AM
Hi Hulk,
I'm exporting from the 500 to a Linux server then importing from the server to the Panorama.
Thanks,
Gareth
07-09-2014 08:44 AM
Ok, then it should work smoothly. Is there any intermediate device that could cause a problem here?
Thanks
07-09-2014 08:48 AM
Traffic between the 500 & Panorama and the server does have to pass through a firewall. The ports are open but I guess it could be tearing down the session as it's been open for such a long time? I'll try putting a server in the same subnet and see if that makes a difference.
07-10-2014 08:19 AM
The default TCP timer is 30 minutes. You could create a custom service on the firewall with a longer timeout value if you think the session keep alive is not working.
07-17-2014 07:26 AM
Unfortunately the answer to my question is you can't import the traffic logs from a PA to a Panorama.
Thanks for everyone's suggestions.