Log Retention for PA-1400

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Log Retention for PA-1400

L1 Bithead

Hi,

 

Specifically for PA-1420, I aware the storage capacity is 240GB. Is there anyway I can know the duration of log retention for 700 users?

 

From what I understand, log retention is affected by the space on disk, not on the number of user. When you run out of it, firewall will automatically deletes oldest entries in that specific log, whether it's traffic, threat, URL. 

Is my understanding correct?

2 REPLIES 2

Cyber Elite
Cyber Elite

log ingestion depends on many factors but the 'default' expectancy for a 1400 chassis is about 5tb for 30 days (so your 240gb will not get you far)

The logs are broken up into containers for each different log type (traffic, threat, ...) and log retention/pruning will be different for each container. once a container is full, logs will be pruned FIFO (oldest logs get deleted)

you are able to change the storage assigned to each container, so you are able to manipulate how much storage each type receives (e.g. if traffic log is less important than threat log, you could remove some storage % from traffic log container to reassign to the threat log container etc)

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

Cyber Elite
Cyber Elite

Hello,

It would be best to send the logs to a SIEM for longer term storage. There are many 'free' and low cost options available.

 

Regards,

  • 750 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!