CLI Commands to Export/Import Configuration and Log Files

CLI Commands to Export/Import Configuration and Log Files

200263
Created On 09/25/18 19:50 PM - Last Modified 12/31/25 10:44 AM


Resolution


Details

The following four commands can be used to export and import various log and configuration files, and does not require special permissions, other than being an administrator. Note that the SCP option works only for Linux/Unix servers.

Note:  For PAN-OS 7.0 and greater, refer to the PAN-OS CLI Quick Start for the procedure to Use Secure Copy to Import and Export Files.

 

> scp export log
  data      data
  threat    threat
  traffic   traffic
  url       url

 

> scp export log-file
  control-plane      Use scp to export control-plane log-file
  data-plane0        Use scp to export data-plane0 log-file
  data-plane1        Use scp to export data-plane1 log-file
  data-plane2        Use scp to export data-plane2 log-file
  management-plane   Use scp to export management-plane log-file

 

> tftp export log-file
  control-plane      Use scp to export control-plane log-file
  data-plane0        Use scp to export data-plane0 log-file
  data-plane1        Use scp to export data-plane1 log-file
  data-plane2        Use scp to export data-plane2 log-file
  management-plane   Use scp to export management-plane log-file

 

The following four commands requires a Dynamic Role of Superuser or Superuser (read-only), or a Role Based Role with CLI elevation of superuser or super reader:

> scp export configuration
  remote-port   SSH port number on remote host
  source-ip     Set source address to specified interface address
  from          from
  to            Destination (username@host:path)

 

>  tftp export configuration
  remote-port   SSH port number on remote host
  source-ip     Set source address to specified interface address
  from          from
  to            Destination (username@host:path)

 

> scp import configuration
  remote-port   SSH port number on remote host
  source-ip     Set source address to specified interface address
  from          Source (username@host:path)

 

> tftp import configuration
  remote-port   SSH port number on remote host
  source-ip     Set source address to specified interface address
  from          Source (username@host:path)

 

 

The following scp import logdb and scp export logdb commands are applicable only for Palo Alto Networks firewalls (except the PA-7000 Series) and Panorama VM with versions up to 5.1.

> scp import logdb
  remote-port   SSH port number on remote host
  source-ip     Set source address to specified interface address
  from          Source (username@host:path)

 

> scp export logdb
  remote-port   SSH port number on remote host
  source-ip     Set source address to specified interface address
  to            Destination (username@host:path_to_destination_filename)

 

owner: panagent
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClfWCAS&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language