10-13-2018 07:20 AM - edited 10-13-2018 07:23 AM
I have enabled threat signature to capture single file only.
but from last 3 days i see so many same threat logs with pcap done.
i got email today of disk space alert
i checked disk space
show system disk-space
Filesystem Size Used Avail Use% Mounted on
/dev/md2 3.8G 3.3G 341M 91% /
/dev/md5 7.6G 3.4G 3.8G 48% /opt/pancfg
/dev/md6 3.8G 2.7G 910M 76% /opt/panrepo
tmpfs 2.0G 116M 1.9G 6% /dev/shm
cgroup_root 2.0G 0 2.0G 0% /cgroup
/dev/md8 198G 139G 50G 74% /opt/panlogs
tmpfs 12M 0 12M 0% /opt/pancfg/mgmt/lcaas/ssl/private
does the threat pcap or all the pcaps stored in /dev/md2???????
as a workaround i have disabled the pcap on the threat signature?
10-13-2018 08:32 AM
All packet captures are stored on the root partition, i.e. the one that is mounted on / (md2)
If you are on PAN-OS 8.0 you can use the command debug software disk-usage aggressive-cleaning enable which will purge old process log files (log files ending in .1, .2, .3, .4 or .old) once the root parition reaches 95%
10-13-2018 08:32 AM
All packet captures are stored on the root partition, i.e. the one that is mounted on / (md2)
If you are on PAN-OS 8.0 you can use the command debug software disk-usage aggressive-cleaning enable which will purge old process log files (log files ending in .1, .2, .3, .4 or .old) once the root parition reaches 95%
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
