Migrate Panorama Logs to the New Log Format
Table of Contents
PAN.OS 11.1 & Later
Expand all | Collapse all
-
-
- Upgrade Panorama with an Internet Connection
- Upgrade Panorama Without an Internet Connection
- Install Content Updates Automatically for Panorama without an Internet Connection
- Upgrade Panorama in an HA Configuration
- Migrate Panorama Logs to the New Log Format
- Upgrade Panorama for Increased Device Management Capacity
- Upgrade Panorama and Managed Devices in FIPS-CC Mode
- Downgrade from Panorama 11.1
- Troubleshoot Your Panorama Upgrade
-
- What Updates Can Panorama Push to Other Devices?
- Schedule a Content Update Using Panorama
- Panorama, Log Collector, Firewall, and WildFire Version Compatibility
- Upgrade Log Collectors When Panorama Is Internet-Connected
- Upgrade Log Collectors When Panorama Is Not Internet-Connected
- Upgrade a WildFire Cluster from Panorama with an Internet Connection
- Upgrade a WildFire Cluster from Panorama without an Internet Connection
- Upgrade Firewalls When Panorama Is Internet-Connected
- Upgrade Firewalls When Panorama Is Not Internet-Connected
- Upgrade a ZTP Firewall
- Revert Content Updates from Panorama
-
Migrate Panorama Logs to the New Log Format
After you upgrade to a Panorama 8.0 or later
release, Panorama Log Collectors use a new log storage format. Because
Panorama cannot generate reports or ACC data from logs in the pre-8.0-release
log format after you upgrade, you must migrate the existing logs
as soon as you upgrade Panorama and its Log Collectors from a PAN-OS®
7.1 or earlier release to a PAN-OS 8.0 or later release and you
must do this before you upgrade your managed firewalls. Panorama
will continue to collect logs from managed devices during the log
migration but will store the incoming logs in the new log format
after you upgrade to a PAN-OS 8.0 or later release. For this reason,
you will see only partial data in the ACC and in Reports until Panorama completes
the log migration process.
Log migration to the new
format is a one time task that you must perform when you upgrade
to PAN-OS 8.0 or later release (or when you upgrade to PAN-OS 8.0
as part of your upgrade path); you do not need to perform this migration
again when you upgrade to a later PAN-OS release.
The
amount of time Panorama takes to complete the log migration process
depends on the volume of new logs being written to Panorama and
the size of the log database you are migrating. Because log migration
is a CPU-intensive process, begin the migration during a time when
the logging rate is lower. You can always stop migration during
peak times if you notice that CPU utilization rates are high and
resume the migration when the incoming log rate is lower.
After
you Install
Content and Software Updates for Panorama and upgrade the
Log Collectors, migrate the logs as follows:
- View the incoming logging rate.For best results, start log migration when the incoming log rate is low. To check the rate, run the following command from the Log Collector CLI:
admin@FC-M500-1> debug log-collector log-collection-stats show incoming-logsHigh CPU utilization (close to 100%) during log migration is expected and operations will continue to function normally. Log migration is throttled in favor of incoming logs and other processes in the event of resource contention.Start migrating the logs on each Log Collector to the new format.To begin the migration, enter the following command from the CLI of each Log Collector:admin@FC-M500-1> request logdb migrate lc serial-number <ser_num> startView the log migration status to estimate the amount of time it will take to finish migrating all existing logs to the new format.admin@FC-M500-1> request logdb migrate lc serial-number <ser_num> status Slot: all Migration State: In Progress Percent Complete: 0.04 Estimated Time Remaining: 451 hour(s) 47 min(s)Stop the log migration process.To temporarily stop the log migration process, enter the following command from the Log Collector CLI:admin@FC-M500-1 request logdb migrate lc serial-number <ser_num> stop