Re-Index the LPC Drives
If you reuse the drives from a failed Log
Processing Card (LPC) when installing a new LPC, you must install
the drives in the same order in which they were removed from the
old LPC and then re-index the log metadata. This ensures that the
firewall properly displays the logs that are on the drives. The following
example is for a PA-7050 firewall. Use the same procedure for a
PA-7080 firewall, but use S7 instead of S8 as the LPC slot number
in the log view step.
If you are using a data port on
an NPC for management access, you must reconnect to the firewall
using the console port because you will shut down all NPCs to avoid
generating new traffic logs during indexing.
- After replacing an LPC as described in Replace a PA-7000 Series Log Processing Card (LPC), power on the chassis.
- If the firewall is in a high availability (HA) configuration, run the following commands to ensure that the firewall with the replacement LPC is in the suspend state:
  admin@PA-7050> show high-availability state
  If the firewall is active, suspend it by running the following CLI command:
  admin@PA-7050> request high-availability state suspend
- If the firewall is not in an HA configuration, you must disable all NPCs so that traffic does not traverse the firewall during indexing.
  To check for active sessions, run the following command:
  admin@PA-7050> show session all
  To clear all sessions, run the following command:
  admin@PA-7050> clear session all
  To view the status of each NPC:
  admin@PA-7050> show chassis status
  For each NPC that is in the Up state, run the following command to power off the NPC(s):
  admin@PA-7050> request chassis admin-power-off slot <slot-number>
  For example, if there is an NPC in slot 1, run the following command:
  admin@PA-7050> request chassis admin-power-off slot s1
  Do the same for each installed NPC until all NPCs show AdminPowerOff. This ensures that network traffic will not traverse the firewall during indexing.
- Run the following commands to start indexing on the two logical drives (two RAID pairs):
  admin@PA-7050> request metadata-regenerate slot 1
  admin@PA-7050> request metadata-regenerate slot 2
  You can start a second SSH session to the firewall and run the second command to re-index both logical drives simultaneously. If your session stops responding during the indexing process, establish a new connection.
- Monitor the indexing progress. This process may take several hours, depending on the amount of data on the drives.
  Run the following commands to view the progress log for the first logical RAID pair:
  On a PA-7080 firewall, in the following commands, replace s8lp-log with s7lp-log. This is required because the LPC on a PA-7080 firewall is installed in slot 7.
  admin@PA-7050> less s8lp-log vld-0-0.log
  Periodically view the log until you see the following:
  Done generating metadata for LD:0
  Do the same to check the status of the second logical RAID pair as indicated in log vld-1-0.log:
  admin@PA-7050> less s8lp-log vld-1-0.log
  When the indexing is complete on the second logical drive, you will see the following in the vld-1-0.log output:
  Done generating metadata for LD:1
- After both logical drives complete the indexing process, check the status of the drives as described in Verify the PA-7000 Series Firewall LPC Configuration.
- If your NPCs are powered off or disabled, bring them back up by running the following commands.
  To view the status of each NPC:
  admin@PA-7050> show chassis status
  For each NPC that is in the AdminPowerOff state, run the following command:
  admin@PA-7050> request chassis admin-power-on slot <slot-number>
  For example, if there is an NPC in slot 1, run the following command:
  admin@PA-7050> request chassis admin-power-on slot s1
  For each NPC that is in the disabled state, run the following command to enable the slot it is in:
  admin@PA-7050> request chassis enable slot <slot-number>
  For example, if there is an NPC in slot 3, run the following command:
  admin@PA-7050> request chassis enable slot s3
  Do the same for each installed NPC until all NPCs are in the Up state.
- If the firewall is in an HA configuration and you suspended it, set the state to functional by running the following command:
  admin@PA-7050> request high-availability state functional
- Use the CLI or web interface to check that the logs now appear. For example, run the following CLI command and press the q key to exit the log output:
  admin@PA-7050> show log traffic
  For example:
  A maximum of 500 of last 7 day's logs will be displayed. Please use 'scp export log ...' if more logs are needed
  Time App From Src Port Source Rule Action To Dst Port Destination Src User Dst User End Reason
  ==========================================================
  2015/01/18 07:14:12 incomplete EDM-Vwire-Vsys5 36502 10.43.5.17 EDM-Vsys5-Sec-Pol-2 allow EDM-Vwire-Vsys5 135 10.5.40.161 aged-out
  2015/01/18 08:06:39 incomplete EDM-Vwire-Vsys5 40706 10.43.5.17 EDM-Vsys5-Sec-Pol-2 allow EDM-Vwire-Vsys5 135 10.5.40.161 aged-out
You can also use the web interface to view logs. For example, to view the traffic logs, select Monitor > Logs > Traffic.
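The following Python helper is an added example, not part of the vendor procedure. It gates the restore steps on both completion markers, so NPCs are not powered back on (and new traffic logs are not written) while a RAID pair is still indexing. The function names, the slot-state dictionary (filled in by the operator from `show chassis status`) and the sample log text are assumptions; the command strings, state names and marker text are taken from the steps above.

```python
import re

# Completion marker exactly as quoted in the procedure.
DONE_RE = re.compile(r"Done generating metadata for LD:(\d+)")

# Progress-log target per model: the LPC sits in slot 8 (PA-7050) or slot 7 (PA-7080).
LPC_LOG_TARGET = {"PA-7050": "s8lp-log", "PA-7080": "s7lp-log"}

# Constructed sample log text; only the "Done ..." lines come from the page.
SAMPLE_LD0 = "indexing in progress (constructed line)\nDone generating metadata for LD:0\n"
SAMPLE_LD1_PENDING = "indexing in progress (constructed line)\n"
SAMPLE_LD1_DONE = SAMPLE_LD1_PENDING + "Done generating metadata for LD:1\n"


def progress_commands(model):
    """CLI commands that page the two progress logs on the given model."""
    target = LPC_LOG_TARGET[model]
    return [f"less {target} vld-{ld}-0.log" for ld in (0, 1)]


def finished_drives(log_texts):
    """Set of logical-drive numbers whose captured log shows the marker."""
    done = set()
    for text in log_texts:
        done.update(int(n) for n in DONE_RE.findall(text))
    return done


def restore_commands(npc_states, log_texts, ha_suspended=False):
    """Commands to bring the firewall back, or [] while indexing is unfinished.

    npc_states maps a slot name such as "s1" to the state the operator read
    from 'show chassis status' (hypothetical input structure). The drive
    status check from the procedure still applies before running the result.
    """
    if not {0, 1} <= finished_drives(log_texts):
        return []  # a RAID pair is still indexing: keep NPCs down
    cmds = []
    for slot, state in sorted(npc_states.items()):
        if state.lower() == "adminpoweroff":
            cmds.append(f"request chassis admin-power-on slot {slot}")
        elif state.lower() == "disabled":
            cmds.append(f"request chassis enable slot {slot}")
    if ha_suspended:
        cmds.append("request high-availability state functional")
    return cmds
```
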