I think this is pretty weak. Most companies like myself buy a management platform to manage logs. This helps us with compliance with certain laws/guidelines, etc. If there is zero visibility into log retention and storage then a major reason why we purchased this product is gone. We'll need to export this to yet another system. That's lame.
What's the enhancement request process like?
I think there may be some confusion over file management vs. log management. We don't expose the underlying raw files used to store all of the logs/events, but we do have the ability to control how much of the available space is used for each log type and you can allocate additional needed space to be used for logging if you need longer storage durations for a given event type. Panorama certainly doesn't replace a third-party log management infrastructure, but in some cases it may cover what is needed for basic retention requirements.
Thanks for all the responses. Mike, if the software won't manage logs or provide access to users to manage the logs, then it shouldn't be sold as a management platform. This is a critical function and I can't imagine it's hard to add the functionality. Users are looking for a way to see what dates are included in the logs. I don't see how Panorama can replace even basic retention requirements when there is no easy way to see what dates are still on the box. There should be an option to purge or move logs older than a certain date. That's my opinion and I'll pass it on to my Sales Rep.
Another important feature that PAN doesn't have (as far as I know) is the ability to create and manage different reports per each Access Domain or Devices Group and send them via FTP (per Access Domain/Devices Group).
Am I wrong?
We are not talking about a File Management station but something that a FW Management station must have when you use it to manage different customers.
You can view the oldest log on the Panorama system (or FW) by switching the sorting order from "DESC" to "ASC" in the lower right dropdown. If set to "ASC" for ascending you will see the oldest log on the top of the table.
You can view the current free space on each log DP partition under "Device/Panorama > Setup" in the Management "Log Storage" configuration; however, after running for a while the partitions will be full and begin auto-deleting the oldest logs to make room for the new ones. This makes monitoring free space less helpful in the long run.
If you use NFS for log storage, you can view folders which are created daily that contain the DB files associated with that day. These folders can be backed up if needed to meet longer term retention requirements. I believe you could write a script to monitor the folders and purge/move entire folders older than a specific date. A filer can be used for the NFS storage which, depending on vendor/model, may offer auto-backup, recovery, and failure protection.
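The folder-based retention script suggested in the reply above could look like the following. This is an added example, not part of the original post and not Palo Alto tooling; the `YYYYMMDD` folder naming and the function names are assumptions, since the thread does not state how the daily folders are named.

```python
import re
import shutil
from datetime import date, datetime, timedelta
from pathlib import Path

# Assumption: daily folders are named YYYYMMDD. The thread does not give the
# real naming scheme, so adjust DAY_DIR and the strptime format to match.
DAY_DIR = re.compile(r"^\d{8}$")

def expired_day_dirs(log_root, keep_days, today=None):
    """Return daily folders whose name-date is older than the retention window."""
    today = today or date.today()
    cutoff = today - timedelta(days=keep_days)
    expired = []
    for entry in sorted(Path(log_root).iterdir()):
        # Skip files, symlinks and anything not named like a daily folder.
        if entry.is_symlink() or not entry.is_dir() or not DAY_DIR.match(entry.name):
            continue
        try:
            day = datetime.strptime(entry.name, "%Y%m%d").date()
        except ValueError:
            continue  # eight digits but not a real date, e.g. 20231345
        if day < cutoff:
            expired.append(entry)
    return expired

def archive_expired(log_root, archive_root, keep_days, today=None, dry_run=True):
    """Move expired daily folders to archive_root; returns the names handled."""
    archive_root = Path(archive_root)
    moved = []
    for folder in expired_day_dirs(log_root, keep_days, today):
        target = archive_root / folder.name
        if target.exists():
            continue  # already archived; never overwrite an earlier copy
        if not dry_run:
            archive_root.mkdir(parents=True, exist_ok=True)
            shutil.move(str(folder), str(target))
        moved.append(folder.name)
    return moved
```

Run it with `dry_run=True` first and compare the returned names against the retention period your compliance requirement specifies before letting it move anything.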
A year later and this situation has not been improved at all by Palo Alto. My URL log database filled up a month ago and I have no way to automatically clear old data. Now a Palo Alto tech will tell me to write a script or to get in the CLI and run some command. I ask them to take a look at the Websense reporting products. There is an easy way to schedule and purge any logs older than 3 months. It's unreal to me that this isn't included.
Hi... The log DBs should be auto rotating and the oldest entries will be removed to make room for new logs. You shouldn't have to manually purge the log. You can also allocate disk space to the URL log DB to meet your need.
If you changed the default logging behavior from auto delete to stop logging once disk is full, then the logging will stop once the disk space is full. Thanks.