02-28-2017 06:46 AM - edited 02-28-2017 07:06 AM
Hi
We are upgrading to 8.0 and have noticed the cavet about new log storage in 8.0. We do not have log collectors setup, but are collecting logs in Panorama (threat and traffic only) and wonder if the existing log migration applies to these as well?
Thanks in advance for any advice,
Rebecca
03-29-2017 01:24 PM
@RSporbert Rebecca,
Even though you do not have a seperate log collector in Panorama, you will have a built in log collector by default, otherwise Panorama would not be able to access the logs from the Palo Alto Networks devices sending the logs to Panorama.
Because PAN-OS 8.0 uses a new format, the logs will need to be converted to the new format to work properly and run reports.
For instructions on how to accomplish this, please see this page:
Upgrade Firewalls Using Panorama
I hope this answers your question.
03-29-2017 01:24 PM
@RSporbert Rebecca,
Even though you do not have a seperate log collector in Panorama, you will have a built in log collector by default, otherwise Panorama would not be able to access the logs from the Palo Alto Networks devices sending the logs to Panorama.
Because PAN-OS 8.0 uses a new format, the logs will need to be converted to the new format to work properly and run reports.
For instructions on how to accomplish this, please see this page:
Upgrade Firewalls Using Panorama
I hope this answers your question.
03-31-2017 01:02 AM
Thank you jdelio, upgraded successfully and all good.
04-26-2017 02:44 AM - edited 04-26-2017 03:07 AM
Hi Joe @jdelio,
We have a panorama(VM) with 2x M-100 log collectors, to upgrade to 8.0, here is my plan,
1. Upgrade both Panorama and log collectors to 8.0, confirm they are working, e.g. new logs are showing fine.
2. Start the old log migration with the following command.
PA>request logdb migrate lc serial-number<serial_number> start
My question is on the 2nd step, where do I run this command from, is it from Panorama or LC? If it's panorama, I guess the serial_number is one of the log collectors?
Thanks, Fengrui
04-26-2017 10:14 AM
That second command would be ran on Panorama CLI. More specifically, it would be ran on the Log Collector.
If you do not have a seperate log collector, then you would just be on Panorama CLI directly to run this command.
I hope this makes sense.
For more information about upgrading to PAN-OS 8.0, please see this link:
04-26-2017 10:34 AM
@jdelio Thanks Joe, we do have dedicated log collector, so the serial number in the command would be from one of the firewalls sending logs to the collector? And this means I will need to convert log for each firewall?
04-26-2017 11:10 AM
The command is:
> request logdb migrate lc serial-number<serial_number> start
So, I would say that the serial # is the actual Log Collector serial #..
Also, after looking at this again, this command would be run on Panorama CLI.. just wanted to clarify.. As Panorama talks with 1 or more Log Collectors.
05-02-2017 02:16 PM
I just upgraded our panorama to 8.0.2. We don't have any external log collectors and only store logs locally on panorama. I'm don't seem to be able to start the log migration process. The error it gives is the serial numer is invalid. I'm using the panorama serial number in the command. Am I doing something wrong? Do I have to convert to "panorama mode" first?
> request logdb migrate lc serial-number xxxxxxxxxxx start
Server error : xxxxxxxxxxx is invalid serial-number.Current target-vsys is none
request -> logdb -> migrate -> lc -> serial-number is invalid
05-03-2017 02:02 PM
@Fengrui. @howardtopher and If you do not have a seperate log collector on Panorama, I was able to find the following talking about this here:
This link talks specifically about the Logging enhancements in PAN-OS 8.0.
I talks about upgrading the logs locally on Panorama first, with lots of instructions. So Please read that first, as it should help explain what is going on and what needs to happen next. There is also another command to run, AFTER upgrading the logs.
> request logdb migrate vm start
Please let us know if you have any additional questions about this.
05-04-2017 03:21 AM
@jdelio, thank you for the link, as we have dedicated log collectors - physical appliances, so I guess the last command you supplied won't be applicable for us? I am trying to get a clear instruction on upgrading our environment, so far your comment above seems the closest one. As the option for labbing this up is restricted, since we don't have any spare log collectors to test, and also the log conversation process sounds like irreversible, so I am a bit nervous.
05-04-2017 09:42 AM
@Fengrui, You either have Log collectors and use the first command:
> request logdb migrate lc serial-number<serial_number> start
Or you do not have external log collectors, and you would then just upgrade the logdb:
> request logdb migrate vm start
08-15-2017 06:44 AM
Has anyone migrated an m100 log collector or log collector group? If so how long did it take for the process to complete? I am assuming, log viewing and report generation will be degraded on the Panorama.
10-04-2017 01:30 PM
We just recently upgraded our Panorama management pair (HA) from 7.1.9 to 8.0.4 and then proceeded to upgrade one of our dedicated M-500 log collectors. We ran into an issue which to this point has stumped support. I launch the log migration command from our management box against the upgrade LC and it launches fine with no errors but just sits at 0% complete and the time remaining on the clock just keeps increasing (see output of status command): 497k hour remaining!
Slot: all
Migration State: In Progress
Percent Complete: 0.00
Estimated Time Remaining:497597 hour(s) 58 min(s)
We have no logging or reporting within Panorama available for this 1 LC at this point. We have been without it now for over 1.5 months. We were recently instructed to upgrade to version 8.0.5 which I did this morning on our management boxes and LC and it is still hanging at 0% complete. Supposedly there were issues addresses specifically to the log migration process in this version. I am at the point where I just want to rebuild or wipe our M500 and start over. Any one have any ideas?
Thanks in advance!
10-17-2017 02:40 AM
Hi Andrew,
Your upgrade and migration sounds similar to mine. I think your gonna have to make a decision from the secruity standpoint, have zero visibility vs waiting on a fix? Check out my post below.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
