Ok so I guess my logs don't even collect for 24 hours due to my log storage being about 7GB. Silly people who set this up I swear. So I am trying to figure out how much I do need.
I have a PA-500, PA-820, PA-3050 (x2, they are HA pair) and a PA-3020.
Now this article shows how many logs per second, but how do I determine what my log collection per day is? I assume it's based on what logs I am collecting and what sev level, correct?
Yes it does. Having a logging environment with a lot of quick sessions will fill that up a lot quicker than an environment with not many sessions that move a lot of data.
For my environment 500GB is a bit over a month of data. 120GB was around a week, but we log every rule, and have multiple DMZ zones.
If you are running in legacy mode, you can only have 1 dedicated log disk, and if you need to change it, you lose all logs and start over. If you are running in "panorama" mode you have more flexibility to add or remove disks.
I believe in a normal install, logging is part of the install disk, so you can easily add a dedicated disk without losing logs in any mode.
Most likely you are in legacy mode. Panorama has some steep CPU requirements. (24 I believe)
To check the mode you are in, from an SSH session run the following command.
> show system info
At the bottom you should see this line,
Here is a link with the differences.
Mostly it's just the volume of logs, and the size of disk supported. (8TB vs 24TB)
Do you have a single install disk on your VM, or two?
Looks like one disk currently.
Filesystem Size Used Avail Use% Mounted on
/dev/sda2 4.0G 2.4G 1.5G 62% /
/dev/sda5 24G 6.4G 17G 29% /opt/pancfg
/dev/sda6 4.0G 2.4G 1.4G 64% /opt/panrepo
tmpfs 2.0G 110M 1.9G 6% /dev/shm
cgroup_root 2.0G 0 2.0G 0% /cgroup
/dev/sda8 12G 5.0G 6.4G 44% /opt/panlogs
Looks like it will be easy. You just need to add a disk, and your logs will be automatically moved over.