04-03-2014 10:40 AM
Pardon if this is a repost but I am new and could not find anything similar.
Right now our 3020 unit seems to only be getting 4 or 5 days' worth of log information before it fills up. We would like to have access for the last 30 days if possible. Is there a way to back up the monitor logs and then be able to search them later if called upon? Oh, yeah, there is zero budget for this.
I do have an automated daily backup of the running-config.xml via scp cobbled together at the moment. Not sure if that could be useful.
Thanks,
Todd
04-03-2014 11:20 AM
The easiest thing that we would recommend you do, because there is no budget for a Panorama server to forward the firewall logs to, would be to get a Syslog server and set up log forwarding to the Syslog server. That way you could have more than just 4-5 days of logs. Not that easy to read the logs or do reporting, but you still have them.
I hope this helps.
04-04-2014 08:56 AM
I had the same problem as you; please check this policy with the "Log at Session Start" option - how to find it?
Or even remove logging on policies for DNS or any other "good" traffic.
Hope it could help you
Regards
Slawek
04-05-2014 11:01 AM
I don't know of a way to automate log backup, but you can export them and copy them off the firewall as outlined in the document below.
04-07-2014 01:29 AM
Maybe it also helps to keep log usage lower by enabling "log container page only" in the URL Filtering Profile.
You could also try to fetch the logs by using the XML API.
PAN-OS and Panorama XML API Reference Guide 6.0
PAN-OS and Panorama 5.0 XML API Usage Guide
HTH
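The XML API route suggested in the last reply, sketched as an added example (not code from any poster or from Palo Alto Networks): it builds the two log-retrieval requests and turns the reply into CSV rows for a daily archive. The parameter names (`type=log`, `log-type`, `nlogs`, `skip`, `action=get`, `job-id`) and the reply layout are assumptions to check against the XML API guide for your PAN-OS version; the sample replies, host name and key are constructed.

```python
import csv
import io
import urllib.parse
import xml.etree.ElementTree as ET

# Constructed sample replies (not captured from a device); layout is an assumption.
SAMPLE_ENQUEUE = ('<response status="success" code="19"><result>'
                  '<job>18</job></result></response>')
SAMPLE_RESULT = (
    '<response status="success"><result><job><status>FIN</status></job>'
    '<log><logs count="2" progress="100">'
    '<entry logid="1"><receive_time>2014/04/03 10:40:01</receive_time>'
    '<src>10.0.0.5</src><dst>192.0.2.10</dst><app>dns</app></entry>'
    '<entry logid="2"><receive_time>2014/04/03 10:40:07</receive_time>'
    '<src>10.0.0.9</src><dst>198.51.100.7</dst><app>ssl</app></entry>'
    '</logs></log></result></response>')

def query_url(host, key, log_type="traffic", query="", nlogs=5000, skip=0):
    """URL that enqueues a log query job; page by raising skip by nlogs."""
    params = {"type": "log", "log-type": log_type, "nlogs": nlogs,
              "skip": skip, "key": key}
    if query:
        params["query"] = query
    return "https://%s/api/?%s" % (host, urllib.parse.urlencode(params))

def result_url(host, key, job_id):
    """URL that polls the job and returns its log entries once finished."""
    params = {"type": "log", "action": "get", "job-id": job_id, "key": key}
    return "https://%s/api/?%s" % (host, urllib.parse.urlencode(params))

def parse_job_id(xml_text):
    """Extract the job id from the enqueue reply, failing loudly on errors."""
    root = ET.fromstring(xml_text)
    if root.get("status") != "success":
        raise RuntimeError("log query rejected: " + xml_text[:200])
    return root.findtext("./result/job")

def parse_entries(xml_text):
    """Return (finished, rows); each row maps a log field name to its value."""
    root = ET.fromstring(xml_text)
    finished = root.findtext("./result/job/status") == "FIN"
    rows = [{f.tag: f.text or "" for f in entry}
            for entry in root.iterfind("./result/log/logs/entry")]
    return finished, rows

def to_csv(rows, fields=("receive_time", "src", "dst", "app")):
    """Flatten rows to CSV text that can be appended to a daily archive file."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=fields, extrasaction="ignore")
    writer.writerows(rows)
    return buf.getvalue()
```

Run from a daily cron job, fetch each URL over HTTPS with certificate verification on, poll `result_url` until `parse_entries` reports finished, and append `to_csv` output to a dated file that can be searched later with grep. The API key travels in the URL, so generate it for a read-only admin account and keep it out of shell history and web proxy logs.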