https://live.paloaltonetworks.com/t5/general-topics/configuration-of-logs-pa220-log-database-exceeds-alarm/m-p/186457#M56878 <P>Hi,</P><P>&nbsp;</P><P>I just can't get a handle on logging. Currently the PA220 reports with PanOS 8.0.5 "Current size (357 MB) of threat log database exceeds alarm threashold value (90%) of total allowed size (368MB").</P><P>&nbsp;</P><P>I have already tried to change the quota % values under Device -&gt; Management -&gt; Logging and Reporting Settings. But how do I get the PA to say that if 90% logs have been reached, then delete the oldes one? I don't want the file system to fill up and the PA to stop running.</P><P>&nbsp;</P><P>What would be yours best practices?</P><P>I also move the logs traffic, threat, url, data, and logs by Sheduled Log Export&nbsp;Job via FTP every day. Are these all Logs or what is database logs?</P><P>&nbsp;</P><P>My device is only around 10days active and then the space of logs full? Very sad.</P> Fri, 10 Nov 2017 14:43:48 GMT clonesheep 2017-11-10T14:43:48Z https://live.paloaltonetworks.com/t5/general-topics/configuration-of-logs-pa220-log-database-exceeds-alarm/m-p/186457#M56878 <P>Hi,</P><P>&nbsp;</P><P>I just can't get a handle on logging. Currently the PA220 reports with PanOS 8.0.5 "Current size (357 MB) of threat log database exceeds alarm threashold value (90%) of total allowed size (368MB").</P><P>&nbsp;</P><P>I have already tried to change the quota % values under Device -&gt; Management -&gt; Logging and Reporting Settings. But how do I get the PA to say that if 90% logs have been reached, then delete the oldes one? I don't want the file system to fill up and the PA to stop running.</P><P>&nbsp;</P><P>What would be yours best practices?</P><P>I also move the logs traffic, threat, url, data, and logs by Sheduled Log Export&nbsp;Job via FTP every day. Are these all Logs or what is database logs?</P><P>&nbsp;</P><P>My device is only around 10days active and then the space of logs full? Very sad.</P> Fri, 10 Nov 2017 14:43:48 GMT https://live.paloaltonetworks.com/t5/general-topics/configuration-of-logs-pa220-log-database-exceeds-alarm/m-p/186457#M56878 clonesheep 2017-11-10T14:43:48Z https://live.paloaltonetworks.com/t5/general-topics/configuration-of-logs-pa220-log-database-exceeds-alarm/m-p/186466#M56879 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/43193">@clonesheep</a>,</P><P>The firewall automatically deletes logs that exceed the expiration period if you've set one. Once your storage quota for that log has been reached the firewall will automatically delete older logs to create space, regardless of expiration period.&nbsp;</P><P>The&nbsp;<EM>only</EM> time that this should ever&nbsp;<STRONG>not</STRONG> be true, is if you've enabled the 'Stop Traffic when LogDb Full' feature under the Logging and Reporting Settings on the device.&nbsp;</P><P>&nbsp;</P><P>The PA220 does not have a lot of storage, by the very nature of the device. Total you have 32GB to share for logging, the actual OS, software updates, and all that other good stuff. Look at setting up Log Forwarding on the device and put these logs in a location that you maintain without the need for an FTP job. It also is probably worth looking at what you are actually logging, do you actually care to maintain all of this informaiton.&nbsp;</P><P>With the amount of logs that get generated it isn't shocking to here that a 220 is only capable of handling 10 days of logs; if you actually care about logging and need to keep over 368MBs of logs you'll need to setup Log Forwarding and offload these logs to another location. The 220 is a very capable device, but it certaintly doesn't have a large amount of storage.&nbsp;</P> Fri, 10 Nov 2017 15:21:59 GMT https://live.paloaltonetworks.com/t5/general-topics/configuration-of-logs-pa220-log-database-exceeds-alarm/m-p/186466#M56879 BPry 2017-11-10T15:21:59Z