Schedule Log Exports to an SCP or FTP Server
Focus
Focus

Schedule Log Exports to an SCP or FTP Server

Table of Contents

Schedule Log Exports to an SCP or FTP Server

You can schedule exports of Traffic, Threat, URL Filtering, Data Filtering, HIP Match, and WildFire Submission logs to a Secure Copy (SCP) server or File Transfer Protocol (FTP) server. Perform this task for each log type you want to export.
You can use Secure Copy (SCP) commands from the CLI to export the entire log database to an SCP server and import it to another firewall. Because the log database is too large for an export or import to be practical on the following platforms, they do not support these options: PA-7000 Series firewalls (all PAN-OS releases), Panorama virtual appliance running Panorama 6.0 or later releases, and Panorama M-Series appliances (all Panorama releases).
  1. Select
    Device
    Scheduled Log Export
    and click
    Add
    .
  2. Enter a
    Name
    for the scheduled log export and
    Enable
    it.
  3. Select the
    Log Type
    to export.
  4. Select the daily
    Scheduled Export Start Time
    . The options are in 15-minute increments for a 24-hour clock (00:00 - 23:59).
  5. Select the
    Protocol
    to export the logs:
    SCP
    (secure) or
    FTP
    .
  6. Enter the
    Hostname
    or IP address of the server.
  7. Enter the
    Port
    number. By default, FTP uses port 21 and SCP uses port 22.
  8. Enter the
    Path
    or directory in which to save the exported logs.
  9. Enter the
    Username
    and, if necessary, the
    Password
    (and
    Confirm Password
    ) to access the server.
  10. (
    FTP only
    )
    Select
    Enable FTP Passive Mode
    if you want to use FTP passive mode, in which the firewall initiates a data connection with the FTP server. By default, the firewall uses FTP active mode, in which the FTP server initiates a data connection with the firewall. Choose the mode based on what your FTP server supports and on your network requirements.
  11. (
    SCP only
    )
    Click
    Test SCP server connection
    . Before establishing a connection, the firewall must accept the host key for the SCP server.
    (
    PAN-OS 10.2.4 and later releases
    ) A pop-up window is displayed requiring you to enter a clear text
    Password
    and then to
    Confirm Password
    in order to test the SCP server connection and enable the secure transfer of data.
    The firewall does not establish and test the SCP server connection until you enter and confirm the SCP server password. If the firewall is in an HA configuration, perform this step on each HA peer so that each one can successfully connect to the SCP server. If the firewall can successfully connect to the SCP server, it creates and uploads the test file named
    ssh-export-test.txt
    .
    If you use a Panorama template to configure the log export schedule, you must perform this step after committing the template configuration to the firewalls. After the template commit, log in to each firewall, open the log export schedule, and click
    Test SCP server connection
    .
  12. Click
    OK
    and
    Commit
    .

Recommended For You