Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

Panorama data detailed logs

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Panorama data detailed logs

L1 Bithead

hi Team

Please tell how much time frame can detailed logs can retain e.g traffic on panorama before they start to purge to summary database?

or if panorama data detailed logs work differently please tell.?

6 REPLIES 6

L7 Applicator

Logging is all based on available space rollover and not any summarization schedule.  So how much you get is strictly a  matter of the volume of logs generated and the averrable size of storage.

Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center

I am having issue of generating Traffic Log report of particular vsys of firewall  using panorama (detailed logs(slower) Panorama Data)

the report of a month period of time  or longer span of time, when  summary database panorama data is used, it generates reports and also with remote device Data.

where as (detailed logs(slower) Panorama Data) is not generating custom report for longer time span.

Is there any documentation regarding Detailed logs reporting for panorama.

What I would be interested to know is if you are able to generate the same detailed traffic report for a time period of 1 month or shorter? as you say longer does not work.??

LIVEcommunity team member
Stay Secure,
Joe
Don't forget to Like items if a post is helpful to you!

L1 Bithead

yes one month or shorter detailed logs can be generated.

Is it possible to generate and keep detailed logs over 1 month period time.?

As Steven Puluka stated:

"Logging is all based on available space rollover and not any summarization schedule.  So how much you get is strictly a  matter of the volume of logs generated and the averrable size of storage."

So, to answer your question.. it might be possible to perform this if the logs still contain the data.

If you were able to run 1 month, and have it work, but longer than a month has issues, then would it be possible to run 2 reports, but each one handles 1 month?  Make a custom time, and see if that works for you, if possible.

There might also be issues with the source of the reporting for longer than a month.

If that is the case, then a support case needs to be opened for this.

Regards,

Joe Delio

LIVEcommunity team member
Stay Secure,
Joe
Don't forget to Like items if a post is helpful to you!

So to increase the length of time you have detailed logging you have two options that will help.

Assign Panorama a maximum sized logging partition.

Reduce the number of logs you generate by only logging rules and parameters you will use.

Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center
  • 5512 Views
  • 6 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!