Please tell me how long detailed logs (e.g. traffic) can be retained on Panorama before they start to be purged to the summary database?
Or, if Panorama Data detailed logs work differently, please tell me.
Logging is all based on available space rollover and not any summarization schedule. So how much you get is strictly a matter of the volume of logs generated and the available size of storage.
I am having an issue generating a Traffic Log report for a particular vsys of a firewall using Panorama (Detailed logs (slower), Panorama Data).
For a report covering a month or a longer span of time, when the summary database with Panorama Data is used, it generates reports, and also with Remote Device Data,
whereas Detailed logs (slower), Panorama Data is not generating a custom report for a longer time span.
Is there any documentation regarding detailed logs reporting for Panorama?
What I would be interested to know is if you are able to generate the same detailed traffic report for a time period of 1 month or shorter, as you say longer does not work?
As Steven Puluka stated:
"Logging is all based on available space rollover and not any summarization schedule. So how much you get is strictly a matter of the volume of logs generated and the available size of storage."
So, to answer your question: it might be possible to perform this if the logs still contain the data.
If you were able to run 1 month, and have it work, but longer than a month has issues, then would it be possible to run 2 reports, but each one handles 1 month? Make a custom time, and see if that works for you, if possible.
There might also be issues with the source of the reporting for longer than a month.
If that is the case, then a support case needs to be opened for this.
So to increase the length of time you have detailed logging, you have two options that will help:
Assign Panorama a maximum sized logging partition.
Reduce the number of logs you generate by only logging rules and parameters you will use.