URL Filtering Log Quota in Logging and Reporting Settings


Symptoms

When you navigate to Device > Setup > Management > Logging and Reporting settings, there is no provision to set the log quota for URL filtering logs.

 


Diagnosis

The URL filtering log database is part of the threat database.

Solution

Because the URL filtering log database is part of the threat database, you can modify the threat log storage quota based on your requirements. This changes the quota for both the threat and URL filtering logs.

Comments

A feature request would be to separate the threat log from the URL filtering log so that URL filtering logs could not exist. This would be beneficial for legal purposes.

Hi @greeng, if you want to submit a feature request, you should reach out to a local sales team who can submit a feature request for you; we can't process feature requests through the live community.

Is there a specific type of URL filtering logs you do not want to see? For allowed access, you can change the 'alert' option in the profile to 'allow'; this will ensure the access is not logged.

For denied access, the default stance is to log everything that's blocked.

A workaround could be to set up log forwarding to a Panorama system and only forward low severity and higher (URL logs are informational severity), then set the logdb on the firewall to be very small so after a day or so the logs get rolled over and anything that was not forwarded is deleted forever.

Thanks @reaper

It's all types of logs and content types. I completely understand the need, and the reason why it is logged. However, it also can create a burden (again, from a legal perspective) by retaining those logs.

I did see where you can have time based deletion of logs, but that appears to be a situation where threat+URL filtering would be purged based on time.

I'll contact our sales team.

Thanks again.

Hello there,
What should be the recommended logging and reporting settings on the PA-850?

Hi @ozayoz

This depends on your logging and reporting needs (retention, ingress volume).

If the default setting does not provide the desired amount of log, you can adjust the setting accordingly.