07-18-2023 02:25 AM
Hi Team,
By default i see the logging configuration it is pointing to Panorama. But we are not managing the firewall using Panorama, we are managing it locally. Can we configure the logging to be logged locally only like live logs max of 100mb should be stored for troubleshooting purpose and then auto delete.
Regards,
Sanjay S
08-22-2023 07:32 AM
If you sent the logs to a syslog server they would be visible via the syslog server, not through the monitor tab. It's a work around primarily for people that mistakenly purchase a PA-410 without realizing that it doesn't store any dataplane logs locally and is meant to be used with Panorama, when they really should have purchased a PA-415.
If you're using a VM series device that leads me to two possible scenarios:
07-18-2023 06:17 AM
Did you by chance purchase a PA-410? While this can be utilized without Panorama, that isn't the intent of that hardware. It also has no local logging capabilities from a dataplane aspect. It has very limited logging capabilities for management logs (system/configuration) and absolutely nothing else.
Any other piece of hardware it wouldn't default to Panorama nor would it be configured to send logs to Panorama by default. You would control that via log forwarding, and you can configure your log retention under Device -> Setup -> Management -> Logging and Reporting Settings if you wanted to set the quata and the maximum retention from a length aspect.
07-25-2023 03:21 AM
Hello
Here's a general outline of the steps you can follow:
Access the Firewall Management Interface: Log in to the firewall management interface using your preferred method, such as a web browser or SSH.
Navigate to Logging Settings: Once logged in, navigate to the logging settings section. The exact location of this setting may vary depending on the firewall model and software version you are using. Look for options related to logging and log settings.
Change Logging Destination: In the logging settings, you should find an option to specify the logging destination. Switch the destination from Panorama to local storage or a local syslog server.
Configure Local Log Size and Retention: You can set the maximum size of the local log file to limit it to 100 MB, as per your requirement. Additionally, you can configure the log retention settings to automatically delete old logs once they reach a certain age or when the log file is full.
Save and Apply Changes: After making the necessary adjustments to the logging settings, save the changes and apply them to the firewall.
Hope it helps you.
08-22-2023 05:06 AM
Hi @BPry ,
We have VM Firewalls which are being managed locally. Not via Panorama. So if i start sending the logs to Syslog server will that be visible in Monitor tab?
Regards,
Sanjay S
08-22-2023 07:32 AM
If you sent the logs to a syslog server they would be visible via the syslog server, not through the monitor tab. It's a work around primarily for people that mistakenly purchase a PA-410 without realizing that it doesn't store any dataplane logs locally and is meant to be used with Panorama, when they really should have purchased a PA-415.
If you're using a VM series device that leads me to two possible scenarios:
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
