Moving/importing logs after HD failure

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Moving/importing logs after HD failure

L4 Transporter

Hi.

Recently, owing to an unplanned abrupt shutdown of my active firewall, I ended up with a hard drive corruption which prevented it from booting up (thank $deity for HA pairs).

Quite apart from PA's *ridiculously* bad response time to replace the hard drive (which is being/will be discussed with my support partner, trust me), I need to know if anyone knows how I can get the logs from the old drive onto the new one?

I spent about 4 hours copying them before I installed the new drive - and the first thing the damn thing did on bootup was erase the private data - including the logs I had painstakingly copied to the device.

So - does anyone know if I can get the log files *back* onto the device before I kick it back into "active" mode? Or do I need to shut it down now that it's got all its config and stuff back on it, then copy the files back from the old drive again and put the new one back into service? I can recover all but one day of the old logs - and give that there's almost 12 months of log data on the old drive, I'm loathe to lose it if I can avoid it.

Thanks for any input.

10 REPLIES 10

L7 Applicator

Hello Darren,

Which Platform it is...? In PAN-5000 platform with RAID enabled, can recover old logs from the HDD.

Thanks

PA2000.

I can get (have got) the old data - I just don't see any method (FTP, SCP etc) to put it back on the new drive bar pulling it out and using an external drive cradle.

You may want to approach PAN TAC, see if they can move data from root via SCP.

Hello Darren,

This DOC may help you to import Logs into PAN FW.

CLI Commands to Export/Import Configuration and Log Files

Else, PAN support engineer would be able to copy the logdb file into the proper directory.

Thanks

Hi Darren,

IF HDD is corrupt, then how did you login to firewall now ?  Based on answer solution will vary.

Regards,

Hardik Shah

HULK wrote:

Hello Darren,

This DOC may help you to import Logs into PAN FW.

CLI Commands to Export/Import Configuration and Log Files

Else, PAN support engineer would be able to copy the logdb file into the proper directory.

Thanks

Thanks - those might help - I'm experimenting now to see how I can make this work.

hshah wrote:

Hi Darren,

IF HDD is corrupt, then how did you login to firewall now ?  Based on answer solution will vary.

Regards,

Hardik Shah

It's been replaced, and the device put back online (as the passive node in the cluster). I'm trying to put the old logs back before I put it back into active mode.

Hi Darren,

I am not sure if this idea would work, but worth trying.

connect faulty HDD to linux box, now SCP its log to SCP server.

Now, re-SCP it to newer HDD partition. For this you might need TAC help, as you do not have root access.

Regards,

Hardik Shah

hshah wrote:

Hi Darren,

I am not sure if this idea would work, but worth trying.

connect faulty HDD to linux box, now SCP its log to SCP server.

Now, re-SCP it to newer HDD partition. For this you might need TAC help, as you do not have root access.

Regards,

Hardik Shah

Hardik.

I am working on something quite similar.

I am currently moving the logdb directory (what I can get of it, which is most) from the failed hard drive to a Linux server.

Once I have moved this data, I will create an archive in the correct format (gzipped tar) and see if I can SCP it back to the repaired firewall unit using the commands in the documents Hulk showed above.

If it works, it's an exercise in frustration - Palo Alto should make this so much easier - but if I manage to get the majority of my data back, I'm happy with that.

Hi Darren,

Right now there is no set process to recover logs from faulty disk. Approach your Sales Engineer, he can raise a Feature Request, after that we  may have a set procedure for this.

Regards,

Hardik Shah

  • 4010 Views
  • 10 replies
  • 1 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!