How to Change the Configuration Audit Version Limit
Resolution
Overview
Configuration Audit versions are useful for rolling a Palo Alto Networks firewall back to a past configuration or for the purpose of comparing the modifications made across commits. This document explains how to change the limit of saved audit versions using the WebUI and CLI.
Details
The Palo Alto Networks firewall stores Configuration Audit versions each time a commit is performed. The list of configuration versions, along with the associated commit timestamp, can be viewed on the WebUI:
- Go to Device > Setup > Operations
- Under the Configuration Management section, click Load configuration version
A comparison between two versions of configurations (including the candidate configuration) can be performed and viewed at: Device > Config Audit.
The number of configuration audit versions the system will save has a configurable range of 1-1048576 with a default of 100. The number specifies the maximum number of audit versions that stored before discarding the oldest ones.
Set the number of audit versions on the WebUI
- Go to: Device > Setup
- In the Management>Logging and Reporting Settings section, update the value for: Number of Versions for Config Audit
Set the number of audit versions on the CLI
# set deviceconfig setting management max-audit-versions <1-1048576>
# commit
owner: akawimandan