Upgrading 7.1 to 8.0: New Log Storage


L1 Bithead

Hi


We are upgrading to 8.0 and have noticed the caveat about new log storage in 8.0. We do not have log collectors set up, but are collecting logs in Panorama (threat and traffic only) and wonder if the existing log migration applies to these as well?

 

Thanks in advance for any advice,

Rebecca

 

1 accepted solution

Accepted Solutions

L7 Applicator

@RSporbert Rebecca, 

Even though you do not have a separate log collector in Panorama, you will have a built-in log collector by default, otherwise Panorama would not be able to access the logs from the Palo Alto Networks devices sending the logs to Panorama.

 

Because PAN-OS 8.0 uses a new format, the logs will need to be converted to the new format to work properly and run reports.

 

For instructions on how to accomplish this, please see this page:

Upgrade Firewalls Using Panorama

 

I hope this answers your question.

LIVEcommunity team member
Stay Secure,
Joe
Don't forget to Like items if a post is helpful to you!

Thank you jdelio, upgraded successfully and all good. 

Hi Joe @jdelio,

 

We have a panorama(VM) with 2x M-100 log collectors, to upgrade to 8.0, here is my plan,

 

1. Upgrade both Panorama and log collectors to 8.0, confirm they are working, e.g. new logs are showing fine.

2. Start the old log migration with the following command.

    PA> request logdb migrate lc serial-number <serial_number> start

 

My question is on the 2nd step, where do I run this command from, is it from Panorama or LC? If it's panorama, I guess the serial_number is one of the log collectors?

 

Thanks, Fengrui

 

@Fengrui

That second command would be run on Panorama CLI. More specifically, it would be run on the Log Collector.

If you do not have a separate log collector, then you would just be on Panorama CLI directly to run this command.

 

I hope this makes sense.

 

For more information about upgrading to PAN-OS 8.0, please see this link:

https://www.paloaltonetworks.com/documentation/80/pan-os/newfeaturesguide/upgrade-to-pan-os-8-0/upgr...

LIVEcommunity team member
Stay Secure,
Joe

@jdelio Thanks Joe, we do have a dedicated log collector, so the serial number in the command would be from one of the firewalls sending logs to the collector? And this means I will need to convert logs for each firewall?

@Fengrui,

The command is:

> request logdb migrate lc serial-number <serial_number> start

 

So, I would say that the serial # is the actual Log Collector serial #.

 

Also, after looking at this again, this command would be run on Panorama CLI. Just wanted to clarify, as Panorama talks with 1 or more Log Collectors.

LIVEcommunity team member
Stay Secure,
Joe

@jdelio, thanks Joe.

L2 Linker

I just upgraded our Panorama to 8.0.2. We don't have any external log collectors and only store logs locally on Panorama. I don't seem to be able to start the log migration process. The error it gives is that the serial number is invalid. I'm using the Panorama serial number in the command. Am I doing something wrong? Do I have to convert to "panorama mode" first?

 

> request logdb migrate lc serial-number xxxxxxxxxxx start

Server error :  xxxxxxxxxxx is invalid serial-number.Current target-vsys is none
 request -> logdb -> migrate -> lc -> serial-number is invalid

@Fengrui @howardtopher, and if you do not have a separate log collector on Panorama, I was able to find the following talking about this here:

https://www.paloaltonetworks.com/documentation/80/pan-os/newfeaturesguide/panorama-features/logging-...

 

This link talks specifically about the Logging enhancements in PAN-OS 8.0.

 

It talks about upgrading the logs locally on Panorama first, with lots of instructions. So please read that first, as it should help explain what is going on and what needs to happen next. There is also another command to run, AFTER upgrading the logs.

> request logdb migrate vm start

 

Please let us know if you have any additional questions about this.

LIVEcommunity team member
Stay Secure,
Joe

@jdelio, thank you for the link. As we have dedicated log collectors (physical appliances), I guess the last command you supplied won't be applicable for us? I am trying to get clear instructions on upgrading our environment; so far your comment above seems the closest one. The option of labbing this up is restricted, since we don't have any spare log collectors to test, and the log conversion process also sounds irreversible, so I am a bit nervous.

@Fengrui, You either have Log collectors and use the first command:

> request logdb migrate lc serial-number <serial_number> start

 

Or you do not have external log collectors, and you would then just upgrade the logdb:

> request logdb migrate vm start

 

 

LIVEcommunity team member
Stay Secure,
Joe

Has anyone migrated an m100 log collector or log collector group? If so how long did it take for the process to complete? I am assuming, log viewing and report generation will be degraded on the Panorama.

L1 Bithead

We just recently upgraded our Panorama management pair (HA) from 7.1.9 to 8.0.4 and then proceeded to upgrade one of our dedicated M-500 log collectors. We ran into an issue which to this point has stumped support. I launch the log migration command from our management box against the upgraded LC and it launches fine with no errors but just sits at 0% complete, and the time remaining on the clock just keeps increasing (see output of status command): 497k hours remaining!

 

Slot: all
Migration State: In Progress
Percent Complete: 0.00
Estimated Time Remaining:497597 hour(s) 58 min(s)

 

We have no logging or reporting within Panorama available for this 1 LC at this point. We have been without it now for over 1.5 months. We were recently instructed to upgrade to version 8.0.5, which I did this morning on our management boxes and LC, and it is still hanging at 0% complete. Supposedly there were issues addressed specifically to the log migration process in this version. I am at the point where I just want to rebuild or wipe our M500 and start over. Anyone have any ideas?

Thanks in advance!
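A way to flag the stalled migration described in the post above from repeated status snapshots, as an added example that is not part of the original thread. It assumes only the four-field output format quoted in the post; the function names and the sample snapshots other than the first are constructed for illustration.

```python
import re

# Field layout follows the status output quoted in the post above.
FIELD_RE = re.compile(r"^\s*([A-Za-z ]+?)\s*:\s*(.+?)\s*$")
ETA_RE = re.compile(r"(?:(\d+)\s*hour\(s\))?\s*(?:(\d+)\s*min\(s\))?")

def parse_status(text):
    """Turn one status snapshot into state, percent complete and ETA in minutes."""
    fields = {}
    for line in text.splitlines():
        m = FIELD_RE.match(line)
        if m:
            fields[m.group(1).lower()] = m.group(2)
    try:
        eta = ETA_RE.fullmatch(fields["estimated time remaining"])
        if eta is None:
            raise ValueError("unparseable time remaining")
        return {
            "state": fields["migration state"],
            "percent": float(fields["percent complete"]),
            "eta_minutes": int(eta.group(1) or 0) * 60 + int(eta.group(2) or 0),
        }
    except KeyError as exc:
        raise ValueError(f"missing field: {exc}") from None

def is_stalled(snapshots, min_samples=3):
    """Stalled: still in progress, percent never moved, ETA never shrank."""
    parsed = [parse_status(s) for s in snapshots]
    if len(parsed) < min_samples:
        return False  # too few samples to judge a trend
    if any(p["state"].lower() != "in progress" for p in parsed):
        return False
    no_progress = parsed[-1]["percent"] <= parsed[0]["percent"]
    eta_not_shrinking = all(
        b["eta_minutes"] >= a["eta_minutes"] for a, b in zip(parsed, parsed[1:])
    )
    return no_progress and eta_not_shrinking

def snapshot(pct, hours, mins):
    """Build a constructed sample in the same layout as the quoted output."""
    return ("Slot: all\nMigration State: In Progress\n"
            f"Percent Complete: {pct:.2f}\n"
            f"Estimated Time Remaining:{hours} hour(s) {mins} min(s)\n")

# First stalled sample uses the values from the post; the rest are constructed.
STALLED = [snapshot(0.0, 497597, 58), snapshot(0.0, 497610, 12), snapshot(0.0, 497655, 40)]
HEALTHY = [snapshot(12.5, 40, 10), snapshot(18.0, 36, 5), snapshot(25.75, 31, 0)]

if __name__ == "__main__":
    print("stalled series:", is_stalled(STALLED))
    print("healthy series:", is_stalled(HEALTHY))
```

Collecting snapshots at a fixed interval and alerting when `is_stalled` returns true surfaces the loss of log visibility early rather than weeks into the outage.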

Hi Andrew,

 

Your upgrade and migration sounds similar to mine. I think you're gonna have to make a decision from the security standpoint: have zero visibility vs waiting on a fix? Check out my post below.

 

https://live.paloaltonetworks.com/t5/General-Topics/Log-collector-on-8-0-and-panorama-FW-s-on-7-1-Co...
