Long Term User Activity Logging/Reporting Options

Reply
jeff6strings
L2 Linker

Long Term User Activity Logging/Reporting Options

We have 2 3050 appliances (not in HA) managed by a Panorama VM. For now all are running version 7.0.x but we are upgrading to 7.1.x in coming months. We may have a requirement to retain user activity logs (mostly URL activity) for a minimum of 6 months to a year for around 1100 users. Looking for recommendations if we should increase our Panorama disk size to hold this amount of data or use dedicated log collectors which I really don't know much about.

Appreciate any help.

Jeff

Passionate about network infrastructure and all things Palo Alto Networks.

Accepted Solutions
Kaje
L2 Linker

You should be able to increase the logging size in panorama. 

If you click on the panorama tab -> setup -> Managment -> logging. and click on the gear, you can see how your current storage is alocated.  And change it as needed

 

If your disk size is small, you can add up to 1 disk if your panorama is running in legacy mode, More if your Panorama in running in Panorama mode. 

 

https://www.paloaltonetworks.com/documentation/80/panorama/panorama_adminguide/panorama-overview/pan...

 

View solution in original post

BPry
Cyber Elite

@jeff6strings,

Biggest note is right here 'Up until 8.0 disk size cannot be extended by modifying the disk size. If the disk size is modified, the allocated log database size remains the same as before. The actual disk size will be increased, but the partition size will not be increased by Panorama VM' as long as you are only talking about adding an additonal disk specific for logs that is easy, but you won't be able to expand those disks once created unless you are running 8.0 

View solution in original post


All Replies
Kaje
L2 Linker

You should be able to increase the logging size in panorama. 

If you click on the panorama tab -> setup -> Managment -> logging. and click on the gear, you can see how your current storage is alocated.  And change it as needed

 

If your disk size is small, you can add up to 1 disk if your panorama is running in legacy mode, More if your Panorama in running in Panorama mode. 

 

https://www.paloaltonetworks.com/documentation/80/panorama/panorama_adminguide/panorama-overview/pan...

 

View solution in original post

jeff6strings
L2 Linker

I was thinking of starting with expanding Panorama storage first. Our Panorama is in legacy mode and I read the article below but it seems too simple, is there something I should be aware of or more to it?

Thanks for the help.

Jeff

 

https://live.paloaltonetworks.com/t5/Management-Articles/How-to-Extend-Panorama-Logs-to-Dedicated-Lo...

Passionate about network infrastructure and all things Palo Alto Networks.
BPry
Cyber Elite

@jeff6strings,

Biggest note is right here 'Up until 8.0 disk size cannot be extended by modifying the disk size. If the disk size is modified, the allocated log database size remains the same as before. The actual disk size will be increased, but the partition size will not be increased by Panorama VM' as long as you are only talking about adding an additonal disk specific for logs that is easy, but you won't be able to expand those disks once created unless you are running 8.0 

View solution in original post

jeff6strings
L2 Linker

Thank you for all the help.

Jeff

Passionate about network infrastructure and all things Palo Alto Networks.
Kaje
L2 Linker

Also, converting from Legacy mode to Panorama mode wipes the current logs. 

 

the SCP backup options you see listed dont work for larger sizes.. mine is 110gb and I cant backup my logs to convert to panorama mode, it just stops after 26gb. I am working with support to get the backed up in some other way, so we dont loose everything when we convert. 

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!