"Error: There is log data on the system whose format is unsupported in release 10.1" is seen after upgrade.

Created On 11/05/22 14:26 PM - Last Modified 03/14/24 02:51 AM


Symptom


  • Upgrading from PAN-OS 8.x.x to PAN-OS 10.1.x for the first time.
  • The system detects whether any logs are present in an old format and raises an alert with the error message.
  • The message also lists the commands to run after the upgrade to recover the logs.
There is log data on the system whose format is unsupported in release 10.1. 
Upon upgrading to 10.1, the data will be automatically deleted.
 
 


Environment


  • Palo Alto Networks Firewall or Panorama
  • PAN-OS 8.x to 10.1 upgrade
  • Log Forwarding


Cause


  • The Elasticsearch version has changed in the newer PAN-OS version.
  • Logs written by the older version of Elasticsearch cannot be read by the newer version.


Resolution


  1. Scroll down in the message, then copy and save the commands it displays.
  2. Run the commands after the upgrade to recover the unsupported data.
Note:
  • This message is displayed only once, on the first installation attempt. If the window is closed, the message is not displayed again. Copy the commands before closing the warning message.
  • The commands displayed differ based on the type of logs (threat, traffic, etc.).


Additional Information


Recovery time will depend on the total amount of data that needs to be recovered. During the recovery process, logging and reporting performance will be impacted.
