Document:PA-7000 Series Firewall Hardware Reference

Re-Index the LPC Drives

Filter

Re-Index the LPC Drives

If you reuse the drives from a failed Log Processing Card (LPC) when installing a new LPC, you must install the drives in the same order in which they were removed from the old LPC and then re-index the log metadata. This ensures that the firewall properly displays the logs that are on the drives. The following example is for a PA-7050 firewall. Use the same procedure for a PA-7080 firewall, but use S7 instead of S8 as the LPC slot number in the log view step.

If you are using a data port on an NPC for management access, you must reconnect to the firewall using the console port because you will shut down all NPCs to avoid generating new traffic logs during indexing.

After replacing an LPC as described in Replace a PA-7000 Series Log Processing Card (LPC), power on the chassis.

If the firewall is in a high availability (HA) configuration, run the following commands to ensure that the firewall with the replacement LPC is in the suspend state:

admin@PA-7050> show
high-availability state

If the firewall is active, suspend it by running the following CLI command:

admin@PA-7050> request
high-availability state suspend

If the firewall is not in an HA configuration, you must disable all NPCs, so traffic does not traverses the firewall during indexing.

To check for active sessions, run the following command:

admin@PA-7050> show
session all

To clear all sessions, run the following command:

admin@PA-7050> clear
session all

To view the status of each NPC:

admin@PA-7050> show
chassis status

For each NPC that is in the

state, run the following command to power off the NPC(s):

admin@PA-7050> request
chassis admin-power-off slot <slot-number>

For example, if there is an NPC in slot 1, run the following command:

admin@PA-7050> request
chassis admin-power-off slot s1

Do the same for each installed NPC until all NPCs show

AdminPowerOff

. This ensures that network traffic will not traverse the firewall during indexing.

Run the following commands to start indexing on the two logical drives (two RAID pairs):

admin@PA-7050> request
metadata-regenerate slot 1 
:admin@PA-7050> request metadata-regenerate slot 2

You can start a second SSH session to the firewall and run the second command to simultaneously re-index both logical drives. If your session stops responding during the indexing process, re-establish a new connection.

Monitor the indexing progress. This process may take several hours, depending on the amount of data on the drives.

Run the following commands to view the progress log for the first logical RAID pair:

On a PA-7080 firewall, in the following commands, replace

S8lp-log

with

S7lp-log

. This is required because the LPC on a PA-7080 firewall is installed in slot 7.

admin@PA-7050> less
s8lp-log vld-0-0.log

Periodically view the log until you see the following:

Done generating metadata for LD:0

Do the same to check the status of the second logical RAID pair as indicated in log vld-1-0.log:

admin@PA-7050> less
s8lp-log vld-1-0.log

When the indexing is complete on the second logical drive, you will see the following in the vld-1-0.log output:

Done generating metadata for LD:1

After both logical drives complete the indexing process, check the status of the drives as described in Verify the PA-7000 Series Firewall LPC Configuration.

If your NPCs are powered off or disabled, bring them back up by running the following commands.

To view the status of each NPC:

admin@PA-7050> show
chassis status

For each NPC that is in the

AdminPowerOff

state, run the following command:

admin@PA-7050> request
chassis admin-power-on slot <slot-number>

For example, if there is an NPC in slot 1, run the following command:

admin@PA-7050> request
chassis admin-power-on slot s1

For each NPC that is in the

disabled

state, run the following command to enable the slot it is in:

admin@PA-7050> request chassis enable slot <slot-number>

For example, if there is an NPC in slot 3, run the following command:

admin@PA-7050> request chassis enable slot s3

Do the same for each installed NPC until all NPCs are in the

state.

If the firewall is in an HA configuration and you suspended it, set the state to functional by running the following command:

admin@PA-7050> request
high-availability state functional

Use the CLI or web interface to check that the logs now appear. For example, run the following CLI command and press the q key to exit the log output:

admin@PA-7050> show
log traffic

For example:

A maximum of 500 of last 7 day's logs will be displayed. 
Please use 'scp export log ...' if more logs are needed 
Time                App             From                            Src Port          Source 
Rule                Action          To                              Dst Port          Destination 
                    Src User        Dst User                        End Reason 
========================================================== 
2015/01/18 07:14:12 incomplete      EDM-Vwire-Vsys5                 36502             10.43.5.17 
EDM-Vsys5-Sec-Pol-2 allow           EDM-Vwire-Vsys5                 135               10.5.40.161 
                                                                    aged-out 
2015/01/18 08:06:39 incomplete      EDM-Vwire-Vsys5                 40706             10.43.5.17 
EDM-Vsys5-Sec-Pol-2 allow           EDM-Vwire-Vsys5                 135               10.5.40.161 
                                                                    aged-out

You can also use the web interface to view logs. For example, to view the traffic logs, select

Monitor

Logs

Traffic

Document:PA-7000 Series Firewall Hardware Reference

Re-Index the LPC Drives

Table of Contents

Re-Index the LPC Drives

Most Popular

Recommended For You

Document:PA-7000 Series Firewall Hardware Reference

Re-Index the LPC Drives

Table of Contents

Re-Index the LPC Drives

Most Popular

Recommended For You

Recommended Videos