CLI Commands to Export/Import Configuration and Log Files
Resolution
Details
The following four commands can be used to export and import various log and configuration files, and does not require special permissions, other than being an administrator. Note that the SCP option works only for Linux/Unix servers.
Note: For PAN-OS 7.0 and greater, refer to the PAN-OS CLI Quick Start for the procedure to Use Secure Copy to Import and Export Files.
> scp export log
- data data
- threat threat
- traffic traffic
- url url
> scp export log-file
- control-plane Use scp to export control-plane log-file
- data-plane0 Use scp to export data-plane0 log-file
- data-plane1 Use scp to export data-plane1 log-file
- data-plane2 Use scp to export data-plane2 log-file
- management-plane Use scp to export management-plane log-file
> tftp export log-file
- control-plane Use scp to export control-plane log-file
- data-plane0 Use scp to export data-plane0 log-file
- data-plane1 Use scp to export data-plane1 log-file
- data-plane2 Use scp to export data-plane2 log-file
- management-plane Use scp to export management-plane log-file
The following four commands requires a Dynamic Role of Superuser or Superuser (read-only), or a Role Based Role with CLI elevation of superuser or super reader:
> scp export configuration
- remote-port SSH port number on remote host
- source-ip Set source address to specified interface address
- from from
- to Destination (username@host:path)
> tftp export configuration
- remote-port SSH port number on remote host
- source-ip Set source address to specified interface address
- from from
- to Destination (username@host:path)
> scp import configuration
- remote-port SSH port number on remote host
- source-ip Set source address to specified interface address
- from Source (username@host:path)
> tftp import configuration
- remote-port SSH port number on remote host
- source-ip Set source address to specified interface address
- from Source (username@host:path)
The following scp import logdb and scp export logdb commands are applicable only for Palo Alto Networks firewalls (except the PA-7000 Series) and Panorama VM with versions up to 5.1.
> scp import logdb
- remote-port SSH port number on remote host
- source-ip Set source address to specified interface address
- from Source (username@host:path)
> scp export logdb
- remote-port SSH port number on remote host
- source-ip Set source address to specified interface address
- to Destination (username@host:path_to_destination_filename)
owner: panagent