Retention period for traffic logs on Panorama

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Retention period for traffic logs on Panorama

L4 Transporter

Hello Experts

 

What is the rention period for traffic logs on Panorama, I mean how many days it will keep the traffic logs from firewall. Actually I need to do the harden the security rules by looking the traffic logs.

1 accepted solution

Accepted Solutions

the 'show system logdb-quota command will tell you how much retention you are currently reaching:

 

.....

Disk usage:

traffic: Logs and Indexes: 1.1G Current Retention: 181 days

threat: Logs and Indexes: 3.5G Current Retention: 854 days

system: Logs and Indexes: 2.1G Current Retention: 1350 days

config: Logs and Indexes: 1.3G Current Retention: 1323 days

......

 

if there's room to change quotas around you can, but if that's not an option and you require more space, you can opt to add log collectors to your environment which come with far larger storage capacity and can be clustered to expand even further (the 'M' platform

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

View solution in original post

11 REPLIES 11

L6 Presenter

Hi,

 

My guess it is similar way to the firewall, depend on your disk space configuration:

 

https://live.paloaltonetworks.com/t5/Management-Articles/How-to-Determine-How-Much-Disk-Space-is-All...

 

But l might be wrong as don't have a Panorama in the production

Cyber Elite
Cyber Elite

Log retention depends on several factors:

-amount of storage available

-log volume

 

once your log storage is depleted, panorama will automatically prune old logs to make room for fresh logs

 

you can customize the size of each logdb if needed (beware: changing the quota will purge the existing db)

 

you can check the quota :

 

> show system logdb-quota
Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

Hi @reaper

 

Thanks but can you please give me some commands to check for how long logs are there. I would like to keep security policies logs at least for 6 months. What I can do? Just increase the log storage but how much? Any pointer will be highly appreciated 

the 'show system logdb-quota command will tell you how much retention you are currently reaching:

 

.....

Disk usage:

traffic: Logs and Indexes: 1.1G Current Retention: 181 days

threat: Logs and Indexes: 3.5G Current Retention: 854 days

system: Logs and Indexes: 2.1G Current Retention: 1350 days

config: Logs and Indexes: 1.3G Current Retention: 1323 days

......

 

if there's room to change quotas around you can, but if that's not an option and you require more space, you can opt to add log collectors to your environment which come with far larger storage capacity and can be clustered to expand even further (the 'M' platform

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

@reaper Thanks. I am using virtual applicance, in this case can I use the log collectors?

yes you can, log collectors are supported both on the physical and virtual panorama

 

You can increase log capacity of the virtual appliance to 2TB by mounting an NFS volume for example, if that is enough capacity for your needs

 

 

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

thank you

Thanks!

Simplicity is the friend of Security, whilst complexity is the Enemy. (Bruce Schneier) PCNSE,CCSA, SEC-Plus, CCNA Security

Hi @reaper,

 

At what time duration this timers will get refreshed, Let say current retention period is 180 days and how long it will take to change the retention period if the log volume is high. 

 

 

Snow

L0 Member

Hi All,

 

I run the "show system logdb-quota" in the Panorama but I can't get the information about traffic/threat quota.

Below is the result :

xx@panorama-01(primary-active)> show system logdb-quota

Quotas:
system: 30.00%, 4.021 GB Expiration-period: 0 days
config: 25.00%, 3.351 GB Expiration-period: 0 days
hip-reports: 1.00%, 0.134 GB Expiration-period: 0 days
appstat: 35.00%, 4.692 GB Expiration-period: 0 days

Disk usage:
system: Logs and Indexes: 4.0GB Current Retention: 39 days
config: Logs and Indexes: 763.9MB Current Retention: 1061 days
appstatdb: Logs and Indexes: 4.7GB Current Retention: 250 days
hip-reports: Logs and Indexes: 0 Current Retention: 0 days

Slot:0
Quotas:
detailed: 60.00%, 282 GB Expiration-period: 0 days
summary: 30.00%, 141 GB Expiration-period: 0 days
infra_audit: 5.00%, 24 GB Expiration-period: 0 days
platform: 0.10%, 0 GB Expiration-period: 0 days
external: 0.10%, 0 GB Expiration-period: 0 days

Disk usage:
detailed: Logs: 273567 MB, Current Retention: 11 days
summary: Logs: 136810 MB, Current Retention: 188 days
infra_audit: Logs: 8815 MB, Current Retention: 867 days
platform: Logs: 0 MB, Current Retention: 0 days
external: Logs: 0 MB, Current Retention: 0 days

Space reserved for cores: 0MB

 

L3 Networker

I dont see traffic logs in mine anywhere

 


pano_admin@panorama01> show system logdb-quota

Quotas:
system: 30.00%, 4.171 GB Expiration-period: 0 days
config: 25.00%, 3.476 GB Expiration-period: 0 days
hip-reports: 1.00%, 0.139 GB Expiration-period: 0 days
appstat: 35.00%, 4.867 GB Expiration-period: 0 days

Disk usage:
system: Logs and Indexes: 4.2GB Current Retention: 119 days
config: Logs and Indexes: 657.4MB Current Retention: 475 days
appstatdb: Logs and Indexes: 3.9GB Current Retention: 323 days
hip-reports: Logs and Indexes: 0 Current Retention: 0 days

Slot:0
Quotas:
detailed: 60.00%, 282 GB Expiration-period: 0 days
summary: 30.00%, 141 GB Expiration-period: 0 days
infra_audit: 5.00%, 24 GB Expiration-period: 0 days
platform: 0.10%, 0 GB Expiration-period: 0 days
external: 0.10%, 0 GB Expiration-period: 0 days

Disk usage:
detailed: Logs: 10748 MB, Current Retention: 56 days
summary: Logs: 2057 MB, Current Retention: 321 days
infra_audit: Logs: 5914 MB, Current Retention: 261 days
platform: Logs: 0 MB, Current Retention: 0 days
external: Logs: 0 MB, Current Retention: 0 days

Space reserved for cores: 0MB

pano_admin@panorama01>

 

  • 1 accepted solution
  • 25212 Views
  • 11 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!