Log Retention

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Log Retention

L0 Member

I forward all my device logs to Panorama.  I just noticed that the logs only go back 1 day. How can I enable longer retention?  Is there a setting for that?

2 REPLIES 2

L2 Linker

It'll all depend on how many logs you are sending to the Panorama and how much space it can handle. If you are sending millions per day, the Panorama is most likely is purging the logs to make room for the new logs coming in. 

 

If you have a physcial Panorama (M-100 or M-500) you can add more hard drives. If it is a virtual Panorama, you can get your vm team to add more storage on the backend to allow you to allocate more log storage. I've seen people with TBs worth of storage because they needed to keep X amount of months and were logging millions of logs per day from their firewalls.

 

 

https://www.paloaltonetworks.com/documentation/71/panorama/panorama_adminguide/set-up-panorama/expan...

 

 

 

- Peter

Traffic log queries on our Panorama (VM, running PAN-OS 7.1.15) is very slow if we retain logs for more than a couple of weeks. This with a 1TB disk. PAN-OS 8 is supposed to fix this.

  • 4662 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!