This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

User usage report only shows data for a week in Network Monitor under App scope

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

User usage report only shows data for a week in Network Monitor under App scope

Go to solution
Pras
L4 Transporter

‎05-09-2022 12:02 AM

Hi Guys,

Source User report only shows data for a week in Network Monitor under App scope while there are logs available for a month.

However, reports can be seen for a month when filtered by the Application.

Logging and reporting settings are set as per normal

paragkarki143_3-1652079698448.png

Many thanks in advance

Regards,

PrasKtmBoy
0 Likes Likes
1 accepted solution

Accepted Solutions

Go to solution
KieraMitchell
L2 Linker

‎05-11-2022 01:37 AM

Hey @Pras;

 

The values reported in that section of the output of "show system logdb-quota" are the actual usage, not the configured values. That section is telling you that based on the storage quota provided, it's managed to store x number of days of that type of log.

 

For example, in the case of Daily Traffic Summary you have 242MB and 100 days configured. Based on the CLI output, with 242MB available for that type of log, the firewall is able to store 6 days worth of Daily Traffic Summary logs. You can then roughly figure out that if you want to actually retain 100 days worth of Daily Traffic Summary logs you'll need to increase the percentage of the disk allocated to that type of log.

 

In this case, to keep 100 days of Daily Threat Summary logs you'd need to increase its quota to about 4GB.

 

Since the logging disk on this firewall is relatively very small, my recommendation is that you configure log forwarding to something dedicated for log storage and query like Panorama, or forwarding via Syslog for example to a SIEM.

Kiki

View solution in original post

10 REPLIES 10

Go to solution
Pras
L4 Transporter

‎05-09-2022 12:02 AM

@mivaldi 

@S.Cantwell 

PrasKtmBoy
0 Likes Likes

Go to solution
KieraMitchell
L2 Linker

‎05-09-2022 02:41 AM

For reference, that's quite a small logging disk - what model and version of PAN-OS is this?

 

Could you provide the output of
> show system logdb-quota

 

Particularly, the part showing the number of days stored for each log type would be useful to know. Here's an excerpt from my home VM-100:

Disk usage:
traffic: Logs and Indexes: 423M Current Retention: 90 days
threat: Logs and Indexes: 156M Current Retention: 95 days
system: Logs and Indexes: 579M Current Retention: 90 days
config: Logs and Indexes: 45M Current Retention: 74 days
alarm: Logs and Indexes: 24K Current Retention: 0 days
trsum: Logs and Indexes: 357M Current Retention: 90 days
hourlytrsum: Logs and Indexes: 291M Current Retention: 89 days
dailytrsum: Logs and Indexes: 153M Current Retention: 58 days
weeklytrsum: Logs and Indexes: 57M Current Retention: 85 days

 

Kiki
0 Likes Likes

Go to solution
Pras
L4 Transporter
In response to KieraMitchell

‎05-09-2022 03:34 PM

Thanks for your response, please find below

paragkarki143_0-1652135662330.png

 

 

PrasKtmBoy
0 Likes Likes

Go to solution
Pras
L4 Transporter

‎05-09-2022 07:44 PM - edited ‎05-19-2022 04:51 PM

.

PrasKtmBoy
0 Likes Likes

Go to solution
MP18
Cyber Elite
Cyber Elite
In response to Pras

‎05-09-2022 10:32 PM

@Pras 

 

I checked on my PA running 10.1.4-h4  no issues.

Which PAN OS version you are running?

 

Regards

MP

Help the community: Like helpful comments and mark solutions.
0 Likes Likes

Go to solution
Pras
L4 Transporter

‎05-10-2022 06:16 PM - edited ‎05-10-2022 08:11 PM

Hi @MP18 ,

Is your disk quota the same as mine?

@KieraMitchell How to change the disk quota? After changing the days on GUI, it is not reflected when viewed through CLI (after commit)

Thanks

paragkarki143_0-1652238649485.png

 

PrasKtmBoy
0 Likes Likes

Go to solution
KieraMitchell
L2 Linker

‎05-11-2022 01:37 AM

Hey @Pras;

 

The values reported in that section of the output of "show system logdb-quota" are the actual usage, not the configured values. That section is telling you that based on the storage quota provided, it's managed to store x number of days of that type of log.

 

For example, in the case of Daily Traffic Summary you have 242MB and 100 days configured. Based on the CLI output, with 242MB available for that type of log, the firewall is able to store 6 days worth of Daily Traffic Summary logs. You can then roughly figure out that if you want to actually retain 100 days worth of Daily Traffic Summary logs you'll need to increase the percentage of the disk allocated to that type of log.

 

In this case, to keep 100 days of Daily Threat Summary logs you'd need to increase its quota to about 4GB.

 

Since the logging disk on this firewall is relatively very small, my recommendation is that you configure log forwarding to something dedicated for log storage and query like Panorama, or forwarding via Syslog for example to a SIEM.

Kiki

Go to solution
MP18
Cyber Elite
Cyber Elite
In response to Pras

‎05-11-2022 10:52 AM - edited ‎05-11-2022 10:55 AM

@Pras 

My daily traffic summary is % 1.5  69.11 MB   and max days tab has no value.

 

Also my Logging and storage value is  below on PA 220.

It might be different depending on the hardware

Log Storage
  • Total: 4.50 GB
  • Unallocated: 193.24 MB
    

 

Regards

MP

Help the community: Like helpful comments and mark solutions.

Go to solution
Pras
L4 Transporter
In response to MP18

‎05-12-2022 04:23 PM

Thanks, @MP18 

@KieraMitchell Nice explanation, I now understand it better. This means to see the usage of users under the app scope for more days, we need to make sure the daily traffic summary storage is more, yeah?

PrasKtmBoy
0 Likes Likes

Go to solution
KieraMitchell
L2 Linker
In response to Pras

‎05-16-2022 03:42 AM

Correct, yes!

Kiki
  • 1 accepted solution
  • 4687 Views
  • 10 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks