https://live.paloaltonetworks.com/t5/general-topics/log-forwarding-to-cdl-is-generating-high-traffic-volume/m-p/417580#M93573 <P>If you're a Cortex Pro customer as well, the usage by Data Lake will be high. Just QoS the app on the box, give it a set bandwidth if it's causing troubles. (<A href="https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/quality-of-service/configure-qos.html" target="_self">docs</A>)</P> Wed, 07 Jul 2021 17:28:39 GMT LAYER_8 2021-07-07T17:28:39Z https://live.paloaltonetworks.com/t5/general-topics/log-forwarding-to-cdl-is-generating-high-traffic-volume/m-p/417360#M93534 <P>Dear community!</P><P>&nbsp;</P><P>We are sending logs to cortex data lake and we noticed high traffic volume for the sessions concerning log forwarding, with peaks up to 200GB of data sent.&nbsp;</P><P>&nbsp;</P><P>Do you know if this volume of traffic can be normal?</P><P>Also, is there any documentation on how logs are being sent to CDL or how would you troubleshoot this issue?</P><P>&nbsp;</P><P>Thank you in advance!</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Tue, 06 Jul 2021 22:27:58 GMT https://live.paloaltonetworks.com/t5/general-topics/log-forwarding-to-cdl-is-generating-high-traffic-volume/m-p/417360#M93534 Carracido 2021-07-06T22:27:58Z https://live.paloaltonetworks.com/t5/general-topics/log-forwarding-to-cdl-is-generating-high-traffic-volume/m-p/417562#M93567 <P>Hello,</P><P>Check your log sources for what they are sending. If its the Firewalls, make sure you are only logging at session end. Also you can filter what is sent to the data lake, if you wish to limit the data, but its a data lake so I say the more the merrier.</P><P>Regards,</P> Wed, 07 Jul 2021 16:20:44 GMT https://live.paloaltonetworks.com/t5/general-topics/log-forwarding-to-cdl-is-generating-high-traffic-volume/m-p/417562#M93567 OtakarKlier 2021-07-07T16:20:44Z https://live.paloaltonetworks.com/t5/general-topics/log-forwarding-to-cdl-is-generating-high-traffic-volume/m-p/417580#M93573 <P>If you're a Cortex Pro customer as well, the usage by Data Lake will be high. Just QoS the app on the box, give it a set bandwidth if it's causing troubles. (<A href="https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/quality-of-service/configure-qos.html" target="_self">docs</A>)</P> Wed, 07 Jul 2021 17:28:39 GMT https://live.paloaltonetworks.com/t5/general-topics/log-forwarding-to-cdl-is-generating-high-traffic-volume/m-p/417580#M93573 LAYER_8 2021-07-07T17:28:39Z https://live.paloaltonetworks.com/t5/general-topics/log-forwarding-to-cdl-is-generating-high-traffic-volume/m-p/417601#M93577 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/186790">@Bearden</a>&nbsp;</P><P>Sorry for this question, but could you explain thia again? I don't understand what you are trying to tell us.</P> Wed, 07 Jul 2021 19:45:44 GMT https://live.paloaltonetworks.com/t5/general-topics/log-forwarding-to-cdl-is-generating-high-traffic-volume/m-p/417601#M93577 Remo 2021-07-07T19:45:44Z https://live.paloaltonetworks.com/t5/general-topics/log-forwarding-to-cdl-is-generating-high-traffic-volume/m-p/417602#M93578 <P>Hi <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/24977">@Carracido</a>&nbsp;</P><P>Over what time do you see these 200 GB peaks or also where? Is this from the ACC tab on the firewall? In that case you might see the end of a session which was open for days or even weeks and these 200 GB were the result of this very long session.</P> Wed, 07 Jul 2021 19:46:03 GMT https://live.paloaltonetworks.com/t5/general-topics/log-forwarding-to-cdl-is-generating-high-traffic-volume/m-p/417602#M93578 Remo 2021-07-07T19:46:03Z https://live.paloaltonetworks.com/t5/general-topics/log-forwarding-to-cdl-is-generating-high-traffic-volume/m-p/417987#M93620 <P>Yes, those are sessions that stay alive for over a week.</P><P>&nbsp;</P><P>In some sessions I see also that bytes received from CDL are almost the same as bytes sent from the firewall. Is this because of log acknowledgment? If yes, how possible is so big the ack?</P><P>&nbsp;</P><P>Thank you!&nbsp;</P> Thu, 08 Jul 2021 22:58:49 GMT https://live.paloaltonetworks.com/t5/general-topics/log-forwarding-to-cdl-is-generating-high-traffic-volume/m-p/417987#M93620 Carracido 2021-07-08T22:58:49Z