User usage report only shows data for a week in Network Monitor under App scope


L2 Linker

Hi Guys,

Source User report only shows data for a week in Network Monitor under App scope while there are logs available for a month.

However, reports can be seen for a month when filtered by the Application.

Logging and reporting settings are set as per normal

paragkarki143_3-1652079698448.png

Many thanks in advance

Regards,

1 ACCEPTED SOLUTION

Accepted Solutions

L2 Linker

Hey @paragkarki143;

 

The values reported in that section of the output of "show system logdb-quota" are the actual usage, not the configured values. That section is telling you that based on the storage quota provided, it's managed to store x number of days of that type of log.

 

For example, in the case of Daily Traffic Summary you have 242MB and 100 days configured. Based on the CLI output, with 242MB available for that type of log, the firewall is able to store 6 days worth of Daily Traffic Summary logs. You can then roughly figure out that if you want to actually retain 100 days worth of Daily Traffic Summary logs you'll need to increase the percentage of the disk allocated to that type of log.

 

In this case, to keep 100 days of Daily Threat Summary logs you'd need to increase its quota to about 4GB.

 

Since the logging disk on this firewall is relatively very small, my recommendation is that you configure log forwarding to something dedicated for log storage and query like Panorama, or forwarding via Syslog for example to a SIEM.

Kiki
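
The rough sizing described in the reply above, as an added example that is not part of the original post: it parses the "Disk usage" lines of `show system logdb-quota` and extrapolates linearly to a target retention. The sample text is constructed in the format of the excerpt quoted in this thread, using the 242 MB / 6 days figures from the reply; the function names are hypothetical, and treating 242 MB as the space actually used is an assumption.

```python
import re

# Constructed sample in the format of the "Disk usage" section of
# `show system logdb-quota`; dailytrsum uses the 242 MB / 6 days from the reply.
SAMPLE = """\
Disk usage:
traffic: Logs and Indexes: 423M Current Retention: 90 days
alarm: Logs and Indexes: 24K Current Retention: 0 days
dailytrsum: Logs and Indexes: 242M Current Retention: 6 days
"""

LINE = re.compile(
    r"^\s*(?P<name>\w+):\s*Logs and Indexes:\s*(?P<size>[\d.]+)(?P<unit>[KMG])"
    r"\s+Current Retention:\s*(?P<days>\d+)\s*days", re.M)
TO_MB = {"K": 1 / 1024, "M": 1.0, "G": 1024.0}


def parse_disk_usage(text):
    """Return {log_type: (used_mb, retention_days)} from the CLI output."""
    out = {}
    for m in LINE.finditer(text):
        out[m["name"]] = (float(m["size"]) * TO_MB[m["unit"]], int(m["days"]))
    return out


def quota_needed_mb(used_mb, retention_days, target_days):
    """Linear estimate of the storage needed to hold target_days of one log type.
    Returns None when nothing is retained yet (0 days), since no rate is known."""
    if retention_days <= 0:
        return None
    return used_mb / retention_days * target_days


def report(text, target_days):
    """Return {log_type: estimated MB needed, or None} for every parsed line."""
    rows = {}
    for name, (used, days) in parse_disk_usage(text).items():
        rows[name] = quota_needed_mb(used, days, target_days)
    return rows


if __name__ == "__main__":
    for name, need in report(SAMPLE, 100).items():
        print(name, "n/a" if need is None else f"{need:.0f} MB")
```

For dailytrsum this gives roughly 4033 MB, in line with the "about 4GB" quoted in the reply.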


10 REPLIES 10

L2 Linker

L2 Linker

For reference, that's quite a small logging disk - what model and version of PAN-OS is this?

 

Could you provide the output of
> show system logdb-quota

 

Particularly, the part showing the number of days stored for each log type would be useful to know. Here's an excerpt from my home VM-100:

Disk usage:
traffic: Logs and Indexes: 423M Current Retention: 90 days
threat: Logs and Indexes: 156M Current Retention: 95 days
system: Logs and Indexes: 579M Current Retention: 90 days
config: Logs and Indexes: 45M Current Retention: 74 days
alarm: Logs and Indexes: 24K Current Retention: 0 days
trsum: Logs and Indexes: 357M Current Retention: 90 days
hourlytrsum: Logs and Indexes: 291M Current Retention: 89 days
dailytrsum: Logs and Indexes: 153M Current Retention: 58 days
weeklytrsum: Logs and Indexes: 57M Current Retention: 85 days

 

Kiki

Thanks for your response, please find below

paragkarki143_0-1652135662330.png

 

 

L2 Linker


@paragkarki143 

 

I checked on my PA running 10.1.4-h4, no issues.

Which PAN-OS version are you running?

 

Regards

MP

L2 Linker

Hi @MP18 ,

Is your disk quota the same as mine?

@KieraMitchell How to change the disk quota? After changing the days on GUI, it is not reflected when viewed through CLI (after commit)

Thanks

paragkarki143_0-1652238649485.png

 


@paragkarki143 

My daily traffic summary is 1.5%, 69.11 MB, and the max days tab has no value.

Also, my Logging and storage value is below on PA 220.

It might be different depending on the hardware.

Log Storage
  • Total: 4.50 GB
  • Unallocated: 193.24 MB
    

 

Regards

MP

Thanks, @MP18 

@KieraMitchell Nice explanation, I now understand it better. This means to see the usage of users under the app scope for more days, we need to make sure the daily traffic summary storage is more, yeah?
