- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
06-03-2024 09:28 PM
Hi,
Specifically for PA-1420, I aware the storage capacity is 240GB. Is there anyway I can know the duration of log retention for 700 users?
From what I understand, log retention is affected by the space on disk, not on the number of user. When you run out of it, firewall will automatically deletes oldest entries in that specific log, whether it's traffic, threat, URL.
Is my understanding correct?
06-04-2024 04:40 AM
log ingestion depends on many factors but the 'default' expectancy for a 1400 chassis is about 5tb for 30 days (so your 240gb will not get you far)
The logs are broken up into containers for each different log type (traffic, threat, ...) and log retention/pruning will be different for each container. once a container is full, logs will be pruned FIFO (oldest logs get deleted)
you are able to change the storage assigned to each container, so you are able to manipulate how much storage each type receives (e.g. if traffic log is less important than threat log, you could remove some storage % from traffic log container to reassign to the threat log container etc)
06-04-2024 09:31 AM
Hello,
It would be best to send the logs to a SIEM for longer term storage. There are many 'free' and low cost options available.
Regards,
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!