Retention period for traffic logs on Panorama

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Retention period for traffic logs on Panorama

L4 Transporter

Hello Experts

 

What is the rention period for traffic logs on Panorama, I mean how many days it will keep the traffic logs from firewall. Actually I need to do the harden the security rules by looking the traffic logs.

1 ACCEPTED SOLUTION

Accepted Solutions

the 'show system logdb-quota command will tell you how much retention you are currently reaching:

 

.....

Disk usage:

traffic: Logs and Indexes: 1.1G Current Retention: 181 days

threat: Logs and Indexes: 3.5G Current Retention: 854 days

system: Logs and Indexes: 2.1G Current Retention: 1350 days

config: Logs and Indexes: 1.3G Current Retention: 1323 days

......

 

if there's room to change quotas around you can, but if that's not an option and you require more space, you can opt to add log collectors to your environment which come with far larger storage capacity and can be clustered to expand even further (the 'M' platform

Tom Piens
PANgurus - (co)managed services and consultancy

View solution in original post

10 REPLIES 10

L6 Presenter

Hi,

 

My guess it is similar way to the firewall, depend on your disk space configuration:

 

https://live.paloaltonetworks.com/t5/Management-Articles/How-to-Determine-How-Much-Disk-Space-is-All...

 

But l might be wrong as don't have a Panorama in the production

Cyber Elite
Cyber Elite

Log retention depends on several factors:

-amount of storage available

-log volume

 

once your log storage is depleted, panorama will automatically prune old logs to make room for fresh logs

 

you can customize the size of each logdb if needed (beware: changing the quota will purge the existing db)

 

you can check the quota :

 

> show system logdb-quota
Tom Piens
PANgurus - (co)managed services and consultancy

Hi @reaper

 

Thanks but can you please give me some commands to check for how long logs are there. I would like to keep security policies logs at least for 6 months. What I can do? Just increase the log storage but how much? Any pointer will be highly appreciated 

the 'show system logdb-quota command will tell you how much retention you are currently reaching:

 

.....

Disk usage:

traffic: Logs and Indexes: 1.1G Current Retention: 181 days

threat: Logs and Indexes: 3.5G Current Retention: 854 days

system: Logs and Indexes: 2.1G Current Retention: 1350 days

config: Logs and Indexes: 1.3G Current Retention: 1323 days

......

 

if there's room to change quotas around you can, but if that's not an option and you require more space, you can opt to add log collectors to your environment which come with far larger storage capacity and can be clustered to expand even further (the 'M' platform

Tom Piens
PANgurus - (co)managed services and consultancy
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!