This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

traffic log database exceeds alarm threshold value 100% of total allowed size

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

traffic log database exceeds alarm threshold value 100% of total allowed size

Zorgnet
L0 Member

‎02-15-2024 04:10 AM

Hello community,

 

On my paloalto 850 I get several alarms every day stating:

"Current suz (xxxMB) of traffic log database exceeds alarm threshold value (100%) of total allowed size (xxxMB).

 

On the CLI a "show system disk-space" shows the disk on not full:

 

Filesystem Size Used Avail Use% Mounted on
/dev/root         9.5G    3.4G    5.6G  38% /
none              2.5G    68K     2.5G     1% /dev
/dev/sda5      19G    5.6G     13G    31% /opt/pancfg
/dev/sda6       7.6G    3.6G    3.7G  50% /opt/panrepo
tmpfs              2.5G    361M   2.2G 15% /dev/shm
cgroup_root   2.5G    0           2.5G   0% /cgroup
/dev/sda8      173G    141G    24G  86% /opt/panlogs

 

How could I solve this?

 

Pan-os 10.1.10-h2

 

Jan

0 Likes Likes
1 REPLY 1

kiwi
Community Team Member

‎02-15-2024 05:28 AM - edited ‎02-15-2024 05:32 AM

Hi @Zorgnet ,

 

Disk-space is not the same as the threshold value you have set on the different log databases.

 

The device will start overwriting the oldest logs automatically once you reach the quota.  So the drive will always be around the quota size as the logs will roll round.

 

The device will be writing logs to the drive even if you have a log forwarding profile set up but you can always export the logs and then delete them from the device to clear some space.

Logging at session end is a good way of cutting down on logs generated (instead of logging at session start and end).

 

Execute the below CLI command to view your quotas.

 

 

> show system logdb-quota

 

 

Please refer to the below links to know to more about this exact behavior and how to eliminate alarm message:

 

Alarm "Current size of traffic log database exceeds alarm threshold value of total allowed size"

How to Eliminate Alarm Message: Log Database Exceeds Alarm Threshold Value

 

Kind regards,

-Kim.

LIVEcommunity team member, CISSP
Cheers,
Kiwi
Please help out other users and “Accept as Solution” if a post helps solve your problem !

Read more about how and why to accept solutions.
0 Likes Likes
  • 277 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks