Problem exporting logs

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Problem exporting logs

L4 Transporter

Hi everybody

I'm trying to export a traffic monitor log but I always have the same problem. If I try to export a week or a single day I only get about 7-8 hours and a file of 16Mbs with no more than 50000 or 60000 rows. I have modified the "Logging and Reporting Settings" to increase the "Max Rows in CSV Export" to 1 million.

My device is a PA-2050 with PanOS 4.1.6.

Best regards

Gonzalo Arroyo

6 REPLIES 6

L5 Sessionator

There is a bug open in 4.1 branch wrt to this even though the max lines are set to 1048576 sometimes only 60-65k lines would show up  else browser would return  Page cannot be displayed

refer to the bug: 28222 fixed in 5.0.0

L5 Sessionator

For a workaround you can do the following:-

login to the cli:-

enable logging on putty.

> set cli pager off

> show log traffic start-time equal 2012/09/01@10:00:00 end-time equal  2012/09/03@10:00:00

this command would dump all the logs for that period.

Hi

I'm also using log export. I stared from FTP export and now I have SCP export.

Logs are quite big - do you think that we should request option to export zip compressed logs?

Regards

Slawek

It seems like the best solution when there are lots of logs is to avoid using a scheduled export and instead focus on using syslog forwarding plus collection.

L4 Transporter

Thanks everybody for the answer. I manage to export the log with cli (thanks to sraghunandan :smileygrin:) maybe later i will upgrade to 5.0 and try again with GUI.

Best regards

Hello

PANOS 5.0 can export logs of 1048576 lines as well when I tested. About 300Mbytes logs were exporting on WEB-UI.

Thanks.

Regards,

Roh

  • 3278 Views
  • 6 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!