Question Regarding Traffic Log DB Quota

Showing results for 
Show  only  | Search instead for 
Did you mean: 

Question Regarding Traffic Log DB Quota

Not applicable

On of our customer, BRI, they found a system alarm which said "traffic log database exceed alarm threshold". Here's the screenshot:


Here's the log quota settings on their box:



Here's their real disk usage:


The question is, what will happen if the traffic log db exceed its threshold? I know from PAN support that if the traffic db exceed tha quota, it will be purged, but I don't know by purged, does that means the whole db is deleted, or the oldest traffic log entry got deleted? Or is it the newest log entry that will got deleted, so there'll be no newer traffic log entry, and the logging stopped?

And by any chance, is it possible to export these log db outside? I managed to re-read the admin guide also and didn't seems to find any clue regarding these.

Thanks before. :smileygrin:


L4 Transporter


The purging mechanism works as follows. The quota is checked each time a logdb file is rotated. If the quota threshold is violated then we start deleting logs starting from the oldest until the threshold is no longer exceeded. To see how often the logdb file is rotating, you can review the ms.log file for the following entry "Initing log file with version".

To answer the logdb export question: There is an option to export logs via ftp found in Device -> Scheduled Log Export

I hope this helps clear any doubts. Please let me know if I can help clarify further.



Hi Stefan,

I've tried to export through Device -> Scheduled Log Export, and it seems that it only export the last day traffic log.

I intend to backup the whole log, from the very oldest. Is it possible to do that?

I was able to export the entire logdb on 5.0.2 successfully with the following command:

> scp export logdb to root@

Alternatively you can export each log type in csv format:

> scp export log traffic start-time equal 2013/01/12@00:00:00 end-time equal 2013/01/26@00:00:00 to root@

root@'s password:

Marking log as exported successfully...

The downside to csv export is that a start and end time must be specified.

You can view the oldest log for each log type with command:

> show log traffic direction equal forward

Time                App             From            Src Port   Source

Rule                Action          To              Dst Port   Destination

                    Src User        Dst User


2013/01/13 14:10:55 web-browsing    l3-trust        64728

webtraffic     allow           l3-dmz          8080

- Stefan

L5 Sessionator


Here is a good doc on the alarm you mentioned

It also explains when the logs are purged

Hope this answers your question.

Thank you


Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!