Aggressive cleaning feature

L1 Bithead

Hi,

I have a doubt regarding the aggressive disk cleaning feature introduced starting in PANOS 8.0.7. Details below.

To enable aggressive cleaning:
> debug software disk-usage aggressive-cleaning enable

To check if enabled (if enabled, this command will return output with True)
> show system state | match aggressive-cleaning

But my doubt is: what exactly does the aggressive disk cleaning remove from the firewall (traffic logs, system logs, ...), and what is this feature based on when deleting those logs (oldest logs, size, ...)?

Thanks in advance.

Regards,


Alberto

Cyber Elite

@aespinosa,

Essentially the only thing that this command does (that I'm aware of) is delete the old log files instead of rotating through them. So essentially instead of maintaining a copy of say 'mp-monitor.log' and then also having mp-monitor.log.1 and mp-monitor.log.2 and so on, you'll only have mp-monitor.log. Same with any system log file that would normally create a systemfile.log.old in addition to the functional systemfile.log.

This doesn't cause any issues with the system at all, however it does limit the ability to troubleshoot the system if you start running into any issues. That being said, it's easy to disable if you start needing to retain the old files for troubleshooting reasons. 

L1 Bithead

@BPry thanks for your response.

I know that this feature removes all log files instead of rotating and maintaining a copy of them.

My question is about where this feature removes the logs from: management plane only? dataplane only? both? specific partitions on the firewall? all the partitions that are above 95% of use?


Thanks in advance.

Best regards,

Cyber Elite

@aespinosa,

All of it. It makes it so that your firewall doesn't maintain any .old or .1 logs at all, it will only use the current log file. 

L5 Sessionator

Hi @aespinosa

If you enter the below command into your firewall, you can get an idea about the logs that this command deletes; it's mainly the logs for the management plane and dataplane processes (devsrv.log, ikemgr.log, dp-monitor.log etc.)

> delete debug-log dp-log file <hit tab>

> delete debug-log mp-log <hit tab>

The way that the firewall handles the log files is this: once a log file reaches 10MB, ".1" is appended to the file name and a new log file is started. This process continues for log.1, log.2, log.3, log.4 and log.old, and then the log files are rotated around.

With regard to which partitions this command is effective for, I'm not 100% sure, but I would presume the root partition at a minimum.

 

Thanks,

Luke.

Cyber Elite

Correct me if I am wrong: this will only delete the MP logs?

MP