- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
07-02-2018 07:17 AM
Hi,
I have a doubt regarding the aggressive disk cleaning feature introduced starting in PANOS 8.0.7. Details below.
To enable aggressive cleaning:
> debug software disk-usage aggressive-cleaning enable
To check if enabled (if enabled, this command will return output with True)
> show system state | match aggressive-cleaning
But my doubt is, what exactly the aggressive disk cleaning removes form the firewall (traffic logs, system logs,...) and in what is based this feature to delete that logs (oldest logs, size,..)?
Thanks in advance.
Regards,
Alberto
07-02-2018 10:08 AM
Essentially the only thing that this command does (that I'm aware) is delete the old log files instead of rotating through them. So essentially isntead of maintaining a copy of say 'mp-moniotr.log' and then also having mp-monitor.log.1 and mp-monitor.log.2 and so on you'll only have mp-monitor.log. Same with any system log file that would normally create a systemfile.log.old in addition to the functional systemfile.log.
This doesn't cause any issues with the system at all, however it does limit the ability to troubleshoot the system if you start running into any issues. That being said, it's easy to disable if you start needing to retain the old files for troubleshooting reasons.
07-03-2018 02:36 AM
@BPrythanks for your response.
I know that this feature remove all log files instead of rotate and maintain a copy of them.
My question is about from where this feature remove the logs: from management plane only? dataplane only? both? specific partitions on the firewall? all the partitions that are above 95% of use?
Thanks in advance.
Best regards,
07-03-2018 12:06 PM
All of it. It makes it so that your firewall doesn't maintain any .old or .1 logs at all, it will only use the current log file.
07-04-2018 07:21 AM
Hi @aespinosa
If you enter the below command into your firewall, you can get an idea about the logs that this command deletes; it's mainly the logs for the management plane and dataplane processes (devsrv.log, ikemgr.log, dp-monitor.log etc)
> delete debug-log dp-log file <hit tab>
> delete debug-log mp-log <hit tab>
The way that the firewall handles the log files is that: once a log file reaches 10MB, the file will be appended a ".1" and a new log file will be started. This process continues for log.1, log.2, log.3 and log.4 and log.old and then the log files will be rotated around.
In regards to what partitions this command is effective for, I'm not sure 100% but I would presume the root parition at a minumum.
Thanks,
Luke.
12-06-2018 06:32 PM
correct me if i am wrong this will only delete the MP logs?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!