Palo Alto Networks Knowledgebase: CLI Commands to Export/Import Configuration and Log Files

CLI Commands to Export/Import Configuration and Log Files

34486
Created On 02/08/19 00:04 AM - Last Updated 02/08/19 00:04 AM
Resolution

Details

The following four commands can be used to export and import various log and configuration files, and does not require special permissions, other than being an administrator. Note that the SCP option works only for Linux/Unix servers.

Note:  For PAN-OS 7.0, refer to the PAN-OS CLI Quick Start for the procedure to Use Secure Copy to Import and Export Files.

> scp export log

  • data      data
  • threat    threat
  • traffic   traffic
  • url       url

> scp export log-file

  • control-plane      Use scp to export control-plane log-file
  • data-plane0        Use scp to export data-plane0 log-file
  • data-plane1        Use scp to export data-plane1 log-file
  • data-plane2        Use scp to export data-plane2 log-file
  • management-plane   Use scp to export management-plane log-file

> tftp export log-file

  • control-plane      Use scp to export control-plane log-file
  • data-plane0        Use scp to export data-plane0 log-file
  • data-plane1        Use scp to export data-plane1 log-file
  • data-plane2        Use scp to export data-plane2 log-file
  • management-plane   Use scp to export management-plane log-file

The following four commands requires a Dynamic Role of Superuser or Superuser (read-only), or a Role Based Role with CLI elevation of superuser or super reader:

> scp export configuration

  • remote-port   SSH port number on remote host
  • source-ip     Set source address to specified interface address
  • from          from
  • to            Destination (username@host:path)

>  tftp export configuration

  • remote-port   SSH port number on remote host
  • source-ip     Set source address to specified interface address
  • from          from
  • to            Destination (username@host:path)

> scp import configuration

  • remote-port   SSH port number on remote host
  • source-ip     Set source address to specified interface address
  • from          Source (username@host:path)

> tftp import configuration

  • remote-port   SSH port number on remote host
  • source-ip     Set source address to specified interface address
  • from          Source (username@host:path)

The following scp import logdb and scp export logdb commands are applicable only for Palo Alto Networks firewalls (except the PA-7000 Series) and Panorama VM with versions up to 5.1.

> scp import logdb

  • remote-port   SSH port number on remote host
  • source-ip     Set source address to specified interface address
  • from          Source (username@host:path)

> scp export logdb

  • remote-port   SSH port number on remote host
  • source-ip     Set source address to specified interface address
  • to            Destination (username@host:path_to_destination_filename)

owner: panagent



Attachments
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClfWCAS&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Attachments
Choose Language