
Logging and Change Management in Prisma Cloud

L1 Bithead

Summary:

  • There is currently a size limit of 128kb in compute console history logs.
  • It's likely to hit this limit and then only an error will display in the changes section: "diff size exceeded limit (128KB)".
  • This makes the history log useless for auditing a specific endpoint, as experienced by multiple users.

 

Are there ways to overcome this issue in the short and long term? Consider upvoting the idea linked below.

 

Hoping to get this issue to the relevant teams as logging is essential for Prisma Cloud configuration and change management monitoring. Can we please have this idea reviewed by the appropriate team? 

 

Idea source: Fix Manage>Logs>History | Prisma Cloud New Features Request Portal (aha.io)

3 REPLIES

L6 Presenter

What is this related to as a function of Prisma?

Hi Brandon - I'm looking at the audit logs available in Prisma Cloud Compute, under Manage -> View Logs.

 

As per the documentation,

"Administrative activity audit trail

All Prisma Cloud administrative activities are logged.

Changes to any settings (including previous and new values), changes to any rules (create, modify, or delete), changes to the credentials (create, modify, or delete), and all logon activity (success and failure) are logged. For every event, both the user name and source IP are captured."

 

Many of the log entries exceed the 128KB limit, which results in a log entry stating that fact. Do you know of a way to make these logs clearer?

 

Thanks

P


@patriciar wrote:

Hi Brandon - I'm looking at the audit logs available in Prisma Cloud Compute, under Manage -> View Logs.

 

As per the documentation,

"Administrative activity audit trail

All Prisma Cloud administrative activities are logged.

Changes to any settings (including previous and new values), changes to any rules (create, modify, or delete), changes to the credentials (create, modify, or delete), and all logon activity (success and failure) are logged. For every event, both the user name and source IP are captured."

 

Many of the log entries exceed the 128KB limit, which results in a log entry stating that fact. Do you know of a way to make these logs clearer?

 

Thanks

P


Oh ok... My company doesn't use Prisma Cloud so I can't speak to running into this issue, but if there's a config audit limit and it's not even 1MB that seems really small.
