Migrate Panorama Logs to the New Log Format

After you upgrade to a Panorama™ 8.0 (or later) release, Panorama Log Collectors use a new log storage format. Because Panorama cannot generate reports or ACC data from logs in the pre-8.0-release log format after you upgrade, you must migrate the existing logs as soon as you upgrade Panorama and its Log Collectors from a PAN-OS® 7.1 or earlier release to a PAN-OS 8.0 or later release and you must do this before you upgrade your managed firewalls. Panorama will continue to collect logs from managed devices during the log migration but will store the incoming logs in the new log format after you upgrade to PAN-OS 8.0 or a later release. Additionally, Panorama migrates the most recent logs first and works towards the oldest logs. For this reason, you will see only partial data in the ACC and in Reports until Panorama completes the log migration process.
Log migration to the new format is a one time task that you must perform when you upgrade to PAN-OS 8.0 or later release; you do not need to perform this migration again when you upgrade to a later PAN-OS release. If you are upgrading from PAN-OS 7.1 to PAN-OS 8.1 or later release, you can perform the migration after you upgrade to your target PAN-OS release. If PAN-OS 8.0 is your target release then you must migrate logs to the new logging format upon successful upgrade.
The amount of time Panorama takes to complete the log migration process depends on the volume of new logs being written to Panorama, the size of the logging disks, quantity of logging disk pairs, the size of the log database you are migrating, CPU load, and available RAM. The log migration process is throttled to only use idle CPU cycles. Because log migration is a CPU-intensive process, begin the migration during a time when the logging rate is lower. You can always stop migration during peak times if you notice that CPU utilization rates are high and resume the migration when the incoming log rate is lower.
After you upgrade Panorama and upgrade the Log Collectors, migrate the logs as follows:
  • View the incoming logging rate.
    For best results, start log migration when the incoming log rate is low. To check the rate, run the following command from the Log Collector CLI:
    admin@M500-LC>
    debug log-collector log-collection-stats show incoming-logs
    High CPU utilization (close to 100%) during log migration is expected and operations will continue to function normally. Log migration is throttled in favor of incoming logs and other processes in the event of resource contention.
  • Start migrating the logs on each Log Collector to the new format.
    • To begin the migration, enter the following command from the Panorama CLI:
      admin@M500-MGR>
      request logdb migrate lc serial-number
      <ser_num>
      start
    or
    • To begin the migration, enter the following command from the CLI of each Log Collector:
      admin@M500-LC>
      request logdb migrate lc start
  • View the log migration status to estimate the amount of time it will take to finish migrating all existing logs to the new format.
    • From the Panorama CLI:
      admin@M500-MGR>
      request logdb migrate lc serial-number
      <ser_num>
      status
      Slot: all Migration State: In Progress Percent Complete: 0.04 Estimated Time Remaining: 451 hour(s) 47 min(s)
    or
    • From the CLI of each Log Collector:
      admin@M500-LC>
      request logdb migrate lc status
      Slot: all Migration State: In Progress Percent Complete: 0.04 Estimated Time Remaining: 5 hour(s) 32 min(s)
  • Stop the log migration process.
    • To temporarily stop the log migration process, enter the following command from the Panorama CLI:
      admin@M500-MGR
      request logdb migrate lc serial-number
      <ser_num>
      stop
    or
    • To temporarily stop the log migration process, enter the following command from the CLI of each Log Collector:
      admin@M500-LC
      request logdb migrate lc stop

Related Documentation