07-06-2014 10:36 PM
Hi.
Recently, owing to an unplanned abrupt shutdown of my active firewall, I ended up with a hard drive corruption which prevented it from booting up (thank $deity for HA pairs).
Quite apart from PA's *ridiculously* bad response time to replace the hard drive (which is being/will be discussed with my support partner, trust me), I need to know if anyone knows how I can get the logs from the old drive onto the new one?
I spent about 4 hours copying them before I installed the new drive - and the first thing the damn thing did on bootup was erase the private data - including the logs I had painstakingly copied to the device.
So - does anyone know if I can get the log files *back* onto the device before I kick it back into "active" mode? Or do I need to shut it down now that it's got all its config and stuff back on it, then copy the files back from the old drive again and put the new one back into service? I can recover all but one day of the old logs - and give that there's almost 12 months of log data on the old drive, I'm loathe to lose it if I can avoid it.
Thanks for any input.
07-06-2014 10:48 PM
Hello Darren,
Which Platform it is...? In PAN-5000 platform with RAID enabled, can recover old logs from the HDD.
Thanks
07-06-2014 10:52 PM
PA2000.
I can get (have got) the old data - I just don't see any method (FTP, SCP etc) to put it back on the new drive bar pulling it out and using an external drive cradle.
07-06-2014 10:53 PM
You may want to approach PAN TAC, see if they can move data from root via SCP.
07-06-2014 11:00 PM
Hello Darren,
This DOC may help you to import Logs into PAN FW.
CLI Commands to Export/Import Configuration and Log Files
Else, PAN support engineer would be able to copy the logdb file into the proper directory.
Thanks
07-06-2014 11:03 PM
Hi Darren,
IF HDD is corrupt, then how did you login to firewall now ? Based on answer solution will vary.
Regards,
Hardik Shah
07-07-2014 02:59 PM
HULK wrote:
Hello Darren,
This DOC may help you to import Logs into PAN FW.
CLI Commands to Export/Import Configuration and Log Files
Else, PAN support engineer would be able to copy the logdb file into the proper directory.
Thanks
Thanks - those might help - I'm experimenting now to see how I can make this work.
07-07-2014 03:00 PM
hshah wrote:
Hi Darren,
IF HDD is corrupt, then how did you login to firewall now ? Based on answer solution will vary.
Regards,
Hardik Shah
It's been replaced, and the device put back online (as the passive node in the cluster). I'm trying to put the old logs back before I put it back into active mode.
07-07-2014 05:40 PM
Hi Darren,
I am not sure if this idea would work, but worth trying.
connect faulty HDD to linux box, now SCP its log to SCP server.
Now, re-SCP it to newer HDD partition. For this you might need TAC help, as you do not have root access.
Regards,
Hardik Shah
07-07-2014 05:45 PM
hshah wrote:
Hi Darren,
I am not sure if this idea would work, but worth trying.
connect faulty HDD to linux box, now SCP its log to SCP server.
Now, re-SCP it to newer HDD partition. For this you might need TAC help, as you do not have root access.
Regards,
Hardik Shah
Hardik.
I am working on something quite similar.
I am currently moving the logdb directory (what I can get of it, which is most) from the failed hard drive to a Linux server.
Once I have moved this data, I will create an archive in the correct format (gzipped tar) and see if I can SCP it back to the repaired firewall unit using the commands in the documents Hulk showed above.
If it works, it's an exercise in frustration - Palo Alto should make this so much easier - but if I manage to get the majority of my data back, I'm happy with that.
07-07-2014 06:09 PM
Hi Darren,
Right now there is no set process to recover logs from faulty disk. Approach your Sales Engineer, he can raise a Feature Request, after that we may have a set procedure for this.
Regards,
Hardik Shah
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
