When are Logs Purged on the Palo Alto Networks Devices?

Created On 09/26/18 13:51 PM - Last Modified 02/07/19 23:48 PM


Resolution


The threshold for when logs are purged depends on the Palo Alto Networks device and version of PAN-OS running on it:

  1. Palo Alto Networks firewalls
    Logs are stored in files and purged when the log quota is reached. When purged, logs are deleted by the oldest date directory or log file (max. 1 million entries) on the day.
  2. Panorama-VM
    Logs are purged actively when 5% of the allocated quota is left or if the available space is less than 50 GB, whichever is lower.
  3. M-100
    Logs are stored in blocks. We actively purge when 90% of the quota is reached. When we purge, we purge the oldest one-hour time bucket.

Note: The log quota is checked each time a log file is rotated. If the quota threshold is violated then the system begins deleting logs starting from the oldest until the threshold is no longer exceeded. To see how often the log file is rotating, you can review the ms.log file for the following entry: "Initing log file with version".
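The rotation check described in the note can be measured from an exported copy of ms.log. The following is an added example, not part of the original article and not Palo Alto Networks code; it assumes each line starts with a `YYYY-MM-DD HH:MM:SS` timestamp, and the sample lines and function names are constructed for illustration.

```python
import re
from datetime import datetime
from statistics import median

MARKER = "Initing log file with version"  # entry quoted in the article
# Assumption: lines begin with "YYYY-MM-DD HH:MM:SS"; adjust both if your export differs.
TS_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})")
TS_FMT = "%Y-%m-%d %H:%M:%S"

# Constructed sample lines (not real device output); text around the marker is invented.
SAMPLE_MS_LOG = """\
2019-02-07 08:00:12.101 -0800 Initing log file with version 1 (traffic)
2019-02-07 08:03:40.220 -0800 some unrelated management-server message
2019-02-07 09:10:12.007 -0800 Initing log file with version 1 (traffic)
continuation line without a timestamp: Initing log file with version
2019-02-07 10:00:12.555 -0800 Initing log file with version 1 (traffic)
2019-02-07 12:30:12.300 -0800 Initing log file with version 1 (traffic)
"""

def rotation_times(lines):
    """Return sorted timestamps of lines that contain the rotation marker."""
    times = []
    for line in lines:
        if MARKER not in line:
            continue
        m = TS_RE.match(line)
        if m is None:  # marker on a line that cannot be dated: skip, do not guess
            continue
        times.append(datetime.strptime(m.group(1), TS_FMT))
    return sorted(times)

def rotation_intervals(times):
    """Seconds between consecutive rotations, i.e. between quota checks."""
    return [(b - a).total_seconds() for a, b in zip(times, times[1:])]

def summarize(lines):
    """Count rotations and report min/median/max gap in seconds."""
    times = rotation_times(lines)
    gaps = rotation_intervals(times)
    if not gaps:  # zero or one rotation: no interval can be computed
        return {"rotations": len(times), "min_s": None, "median_s": None, "max_s": None}
    return {"rotations": len(times), "min_s": min(gaps),
            "median_s": median(gaps), "max_s": max(gaps)}

if __name__ == "__main__":
    print(summarize(SAMPLE_MS_LOG.splitlines()))
```

A long maximum gap means the quota is checked rarely during that period, so usage can sit above the threshold until the next rotation.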

See also

How to Eliminate Alarm Message: "Log Database Exceeds Alarm Threshold Value"

owner: kadak


