Configuration of Logs PA220 - log database exceeds alarm


L3 Networker

Hi,

 

I just can't get a handle on logging. Currently the PA220 with PAN-OS 8.0.5 reports "Current size (357 MB) of threat log database exceeds alarm threashold value (90%) of total allowed size (368MB)".

 

I have already tried to change the quota % values under Device -> Management -> Logging and Reporting Settings. But how do I get the PA to say that if 90% of the logs have been reached, then delete the oldest one? I don't want the file system to fill up and the PA to stop running.

 

What would be your best practices?

I also move the traffic, threat, url, and data logs via a Scheduled Log Export job over FTP every day. Are these all the logs, or what are database logs?

 

My device has only been active for around 10 days and the log space is already full? Very sad.


Cyber Elite

@clonesheep,

The firewall automatically deletes logs that exceed the expiration period if you've set one. Once your storage quota for that log has been reached the firewall will automatically delete older logs to create space, regardless of expiration period. 

The only time that this should ever not be true is if you've enabled the 'Stop Traffic when LogDb Full' feature under the Logging and Reporting Settings on the device.

 

The PA220 does not have a lot of storage, by the very nature of the device. In total you have 32GB to share for logging, the actual OS, software updates, and all that other good stuff. Look at setting up Log Forwarding on the device and put these logs in a location that you maintain without the need for an FTP job. It is also probably worth looking at what you are actually logging; do you actually care to maintain all of this information?

With the amount of logs that get generated it isn't shocking to hear that a 220 is only capable of handling 10 days of logs; if you actually care about logging and need to keep over 368 MB of logs you'll need to set up Log Forwarding and offload these logs to another location. The 220 is a very capable device, but it certainly doesn't have a large amount of storage.
