https://live.paloaltonetworks.com/t5/general-topics/long-term-log-retention-and-analysis/m-p/17007#M12409 <HTML><HEAD></HEAD><BODY><P>We're currently utilizing Panorama sitting on 2TB of SAN-attached disk to retain as many logs as possible. However, even with 2TB of disk, we're not able to reach our stated policy goal of retaining six months of logging data (we log an awful lot of data).</P><P></P><P>I've looked into the scheduled log export facilities available on the 4020s, but it looks like Panorama (at least version 3.0.6) doesn't have an equivalent option. We'd much prefer to back up logs from Panorama to long-term storage, rather than from the individual 4020s. However, the bigger question is how customers perform forensic work on logs that have been taken off the Panorama engine. We're debating setting up another Panorama installation, but how logs would be exported and then reimported into this engine isn't clear.</P><P></P><P>I'm interested in hearing if other organizations have encountered similar issues, and if so what creative solutions they may have developed for longer-term retention and analysis.</P><P></P><P>Thanks</P></BODY></HTML> Thu, 01 Apr 2010 20:48:05 GMT jwherbert 2010-04-01T20:48:05Z https://live.paloaltonetworks.com/t5/general-topics/long-term-log-retention-and-analysis/m-p/17007#M12409 <HTML><HEAD></HEAD><BODY><P>We're currently utilizing Panorama sitting on 2TB of SAN-attached disk to retain as many logs as possible. However, even with 2TB of disk, we're not able to reach our stated policy goal of retaining six months of logging data (we log an awful lot of data).</P><P></P><P>I've looked into the scheduled log export facilities available on the 4020s, but it looks like Panorama (at least version 3.0.6) doesn't have an equivalent option. We'd much prefer to back up logs from Panorama to long-term storage, rather than from the individual 4020s. However, the bigger question is how customers perform forensic work on logs that have been taken off the Panorama engine. We're debating setting up another Panorama installation, but how logs would be exported and then reimported into this engine isn't clear.</P><P></P><P>I'm interested in hearing if other organizations have encountered similar issues, and if so what creative solutions they may have developed for longer-term retention and analysis.</P><P></P><P>Thanks</P></BODY></HTML> Thu, 01 Apr 2010 20:48:05 GMT https://live.paloaltonetworks.com/t5/general-topics/long-term-log-retention-and-analysis/m-p/17007#M12409 jwherbert 2010-04-01T20:48:05Z https://live.paloaltonetworks.com/t5/general-topics/long-term-log-retention-and-analysis/m-p/17008#M12410 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P>you may want to investigate using Saw mill or Splunk. These two solutions have been the most popular by far by most of our customers for organizing and archiving logs and generating robust reports.</P></BODY></HTML> Mon, 05 Apr 2010 19:56:41 GMT https://live.paloaltonetworks.com/t5/general-topics/long-term-log-retention-and-analysis/m-p/17008#M12410 swhyte 2010-04-05T19:56:41Z