For details on cookie usage on our site, read our Privacy Policy
Retention period for traffic logs on Panorama
- LIVEcommunity
- Discussions
- General Topics
- Re: Retention period for traffic logs on Panorama
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Printer Friendly Page
- Mark as New
- Subscribe to RSS Feed
- Permalink
11-07-2016 01:02 AM
Hello Experts
What is the rention period for traffic logs on Panorama, I mean how many days it will keep the traffic logs from firewall. Actually I need to do the harden the security rules by looking the traffic logs.
Accepted Solutions
- Mark as New
- Subscribe to RSS Feed
- Permalink
11-07-2016 05:42 AM
the 'show system logdb-quota command will tell you how much retention you are currently reaching:
.....
Disk usage:
traffic: Logs and Indexes: 1.1G Current Retention: 181 days
threat: Logs and Indexes: 3.5G Current Retention: 854 days
system: Logs and Indexes: 2.1G Current Retention: 1350 days
config: Logs and Indexes: 1.3G Current Retention: 1323 days
......
if there's room to change quotas around you can, but if that's not an option and you require more space, you can opt to add log collectors to your environment which come with far larger storage capacity and can be clustered to expand even further (the 'M' platform)
PANgurus - SASE and Strata specialist; (co)managed services, VAR and consultancy
- Mark as New
- Subscribe to RSS Feed
- Permalink
11-07-2016 01:46 AM
Hi,
My guess it is similar way to the firewall, depend on your disk space configuration:
But l might be wrong as don't have a Panorama in the production
- Mark as New
- Subscribe to RSS Feed
- Permalink
11-07-2016 01:53 AM
Log retention depends on several factors:
-amount of storage available
-log volume
once your log storage is depleted, panorama will automatically prune old logs to make room for fresh logs
you can customize the size of each logdb if needed (beware: changing the quota will purge the existing db)
you can check the quota :
> show system logdb-quota
PANgurus - SASE and Strata specialist; (co)managed services, VAR and consultancy
- Mark as New
- Subscribe to RSS Feed
- Permalink
11-07-2016 04:07 AM
Hi @reaper
Thanks but can you please give me some commands to check for how long logs are there. I would like to keep security policies logs at least for 6 months. What I can do? Just increase the log storage but how much? Any pointer will be highly appreciated
- Mark as New
- Subscribe to RSS Feed
- Permalink
11-07-2016 05:42 AM
the 'show system logdb-quota command will tell you how much retention you are currently reaching:
.....
Disk usage:
traffic: Logs and Indexes: 1.1G Current Retention: 181 days
threat: Logs and Indexes: 3.5G Current Retention: 854 days
system: Logs and Indexes: 2.1G Current Retention: 1350 days
config: Logs and Indexes: 1.3G Current Retention: 1323 days
......
if there's room to change quotas around you can, but if that's not an option and you require more space, you can opt to add log collectors to your environment which come with far larger storage capacity and can be clustered to expand even further (the 'M' platform)
PANgurus - SASE and Strata specialist; (co)managed services, VAR and consultancy
- Managed Firewall will not connect in Panorama Discussions
- VM series firewalls not sending logs to Panorama in General Topics
- PSE software firewall associate in General Topics
- Panorama System Logs in Panorama Discussions
- XSOAR - for an environment of 26 Palo Alto Firewalls + 4 PANORAMA - is it worth it? in General Topics
Show your appreciation!
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
