Data Longevity in a Stats Dump File
Symptom
Sometimes after generating the stats dump file (Device > Support > Generate Stats Dump File), the result is an empty file with no data.
Environment
- NGFW
Cause
When a stats dump file is generated, the firewall by default takes data from the last 7 days. If the unit has been out of the proof of concept (POC) environment for more than 7 days, then the dump will be empty.
Resolution
Two options can be leveraged to extract the stats dump file:
- Roll the date back manually on the Palo Alto Networks firewall (Device > Setup > Management > General Settings). Then, generate the stats dump file again.
- Use SCP to pull the file for a specific time/date period.
For example:
> scp export stats-dump start-time equal 2014/06/01@00:00:00 end-time equal 2014/06/10@00:00:00 to <case number>@tacupload.paloaltonetworks.com:silent
show system info...
Generating Application Report...
Generating HTTP Application Report...
Generating Category Report...
Generating Risk Report...
Generating Threat Report...
Generating Source Country Report...
Generating Destination Country Report...
Generating URL Category Report...
Generating Subcategory Report...
Generating Technology Report...
Generating Data Report...
show_system_info.txt
reports/
reports/RiskReport.xml
reports/TechnologyReport.xml
reports/CategoryReport.xml
reports/HTTPApplicationReport.xml
reports/DataReport.xml
reports/ApplicationReport.xml
reports/DestinationCountryReport.xml
reports/SubcategoryReport.xml
reports/error.log
reports/ThreatReport.xml
reports/SourceCountryReport.xml
reports/URLCategoryReport.xm
Finished generating reports. Please press enter to continue...
The authenticity of host 'tacupload.paloaltonetworks.com (199.167.52.81)' can't be established.
RSA key fingerprint is d7:5d:70:12:60:6b:cf:99:a5:78:da:69:aa:c3:c5:d2.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'tacupload.paloaltonetworks.com,199.167.52.81' (RSA) to the list of known hosts.
logdbcsv_20140618_1107.tar.gz 100% 4747 4.KB/s 00:00
Additional Information
Once the report is exported, the Application Visibility and Risk (AVR) Report Tool can be used for analysis.
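Before handing an export to the analysis tool, the archive can be checked for the empty-dump symptom described above. This is an added Python example, not Palo Alto Networks code: the member names come from the export listing on this page, while the XML element names in the constructed sample and the rule that a report whose root element has no children counts as empty are assumptions, because the page does not show the report schema.

```python
import io
import tarfile
import xml.etree.ElementTree as ET

# Report members as they appear in the export listing on this page.
EXPECTED = {f"reports/{n}Report.xml" for n in (
    "Risk", "Technology", "Category", "HTTPApplication", "Data", "Application",
    "DestinationCountry", "Subcategory", "Threat", "SourceCountry", "URLCategory")}


def check_stats_dump(fileobj):
    """Return {member: 'ok' | 'missing' | 'empty' | 'malformed'} for a .tar.gz export."""
    status = {member: "missing" for member in EXPECTED}
    with tarfile.open(fileobj=fileobj, mode="r:gz") as tar:
        for member in tar.getmembers():
            if not member.isfile() or member.name not in status:
                continue  # skip directories, error.log, show_system_info.txt
            # Read in memory only; nothing is unpacked to disk.
            data = tar.extractfile(member).read()
            try:
                root = ET.fromstring(data) if data.strip() else None
            except ET.ParseError:
                status[member.name] = "malformed"
                continue
            # Assumption: a report whose root has no child elements holds no data.
            has_data = root is not None and len(root) > 0
            status[member.name] = "ok" if has_data else "empty"
    return status


def build_sample(reports):
    """Build a constructed sample archive from {member name: bytes}."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, body in reports.items():
            info = tarfile.TarInfo(name)
            info.size = len(body)
            tar.addfile(info, io.BytesIO(body))
    buf.seek(0)
    return buf


if __name__ == "__main__":
    # Constructed sample: every report empty except one, as after a stale 7-day window.
    sample = {member: b"<report/>" for member in EXPECTED}
    sample["reports/ThreatReport.xml"] = b"<report><entry>constructed</entry></report>"
    for member, state in sorted(check_stats_dump(build_sample(sample)).items()):
        print(f"{state:9} {member}")
```

If every report comes back as empty, the selected time window most likely contains no traffic, and the export should be repeated with a start-time and end-time that cover the period when the unit was in the POC environment.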
owner: kadak