11-07-2016 01:02 AM
Hello Experts
What is the rention period for traffic logs on Panorama, I mean how many days it will keep the traffic logs from firewall. Actually I need to do the harden the security rules by looking the traffic logs.
11-07-2016 05:42 AM
the 'show system logdb-quota command will tell you how much retention you are currently reaching:
.....
Disk usage:
traffic: Logs and Indexes: 1.1G Current Retention: 181 days
threat: Logs and Indexes: 3.5G Current Retention: 854 days
system: Logs and Indexes: 2.1G Current Retention: 1350 days
config: Logs and Indexes: 1.3G Current Retention: 1323 days
......
if there's room to change quotas around you can, but if that's not an option and you require more space, you can opt to add log collectors to your environment which come with far larger storage capacity and can be clustered to expand even further (the 'M' platform)
11-07-2016 01:46 AM
Hi,
My guess it is similar way to the firewall, depend on your disk space configuration:
But l might be wrong as don't have a Panorama in the production
11-07-2016 01:53 AM
Log retention depends on several factors:
-amount of storage available
-log volume
once your log storage is depleted, panorama will automatically prune old logs to make room for fresh logs
you can customize the size of each logdb if needed (beware: changing the quota will purge the existing db)
you can check the quota :
> show system logdb-quota
11-07-2016 04:07 AM
Hi @reaper
Thanks but can you please give me some commands to check for how long logs are there. I would like to keep security policies logs at least for 6 months. What I can do? Just increase the log storage but how much? Any pointer will be highly appreciated
11-07-2016 05:42 AM
the 'show system logdb-quota command will tell you how much retention you are currently reaching:
.....
Disk usage:
traffic: Logs and Indexes: 1.1G Current Retention: 181 days
threat: Logs and Indexes: 3.5G Current Retention: 854 days
system: Logs and Indexes: 2.1G Current Retention: 1350 days
config: Logs and Indexes: 1.3G Current Retention: 1323 days
......
if there's room to change quotas around you can, but if that's not an option and you require more space, you can opt to add log collectors to your environment which come with far larger storage capacity and can be clustered to expand even further (the 'M' platform)
11-07-2016 06:42 AM
@reaper Thanks. I am using virtual applicance, in this case can I use the log collectors?
11-07-2016 07:19 AM
yes you can, log collectors are supported both on the physical and virtual panorama
You can increase log capacity of the virtual appliance to 2TB by mounting an NFS volume for example, if that is enough capacity for your needs
04-07-2022 06:38 AM
Thanks!
04-07-2022 10:17 PM
Hi @reaper,
At what time duration this timers will get refreshed, Let say current retention period is 180 days and how long it will take to change the retention period if the log volume is high.
12-15-2022 08:03 PM
Hi All,
I run the "show system logdb-quota" in the Panorama but I can't get the information about traffic/threat quota.
Below is the result :
xx@panorama-01(primary-active)> show system logdb-quota
Quotas:
system: 30.00%, 4.021 GB Expiration-period: 0 days
config: 25.00%, 3.351 GB Expiration-period: 0 days
hip-reports: 1.00%, 0.134 GB Expiration-period: 0 days
appstat: 35.00%, 4.692 GB Expiration-period: 0 days
Disk usage:
system: Logs and Indexes: 4.0GB Current Retention: 39 days
config: Logs and Indexes: 763.9MB Current Retention: 1061 days
appstatdb: Logs and Indexes: 4.7GB Current Retention: 250 days
hip-reports: Logs and Indexes: 0 Current Retention: 0 days
Slot:0
Quotas:
detailed: 60.00%, 282 GB Expiration-period: 0 days
summary: 30.00%, 141 GB Expiration-period: 0 days
infra_audit: 5.00%, 24 GB Expiration-period: 0 days
platform: 0.10%, 0 GB Expiration-period: 0 days
external: 0.10%, 0 GB Expiration-period: 0 days
Disk usage:
detailed: Logs: 273567 MB, Current Retention: 11 days
summary: Logs: 136810 MB, Current Retention: 188 days
infra_audit: Logs: 8815 MB, Current Retention: 867 days
platform: Logs: 0 MB, Current Retention: 0 days
external: Logs: 0 MB, Current Retention: 0 days
Space reserved for cores: 0MB
04-19-2023 03:58 PM
I dont see traffic logs in mine anywhere
pano_admin@panorama01> show system logdb-quota
Quotas:
system: 30.00%, 4.171 GB Expiration-period: 0 days
config: 25.00%, 3.476 GB Expiration-period: 0 days
hip-reports: 1.00%, 0.139 GB Expiration-period: 0 days
appstat: 35.00%, 4.867 GB Expiration-period: 0 days
Disk usage:
system: Logs and Indexes: 4.2GB Current Retention: 119 days
config: Logs and Indexes: 657.4MB Current Retention: 475 days
appstatdb: Logs and Indexes: 3.9GB Current Retention: 323 days
hip-reports: Logs and Indexes: 0 Current Retention: 0 days
Slot:0
Quotas:
detailed: 60.00%, 282 GB Expiration-period: 0 days
summary: 30.00%, 141 GB Expiration-period: 0 days
infra_audit: 5.00%, 24 GB Expiration-period: 0 days
platform: 0.10%, 0 GB Expiration-period: 0 days
external: 0.10%, 0 GB Expiration-period: 0 days
Disk usage:
detailed: Logs: 10748 MB, Current Retention: 56 days
summary: Logs: 2057 MB, Current Retention: 321 days
infra_audit: Logs: 5914 MB, Current Retention: 261 days
platform: Logs: 0 MB, Current Retention: 0 days
external: Logs: 0 MB, Current Retention: 0 days
Space reserved for cores: 0MB
pano_admin@panorama01>
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
