Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
08-16-2023 02:59 PM - edited 08-19-2023 02:26 PM
Found our that our FW1 only able to keep 4 days of traffic logs but took more space than FW02 which able to log up to 15 days ( previously FW2 in active for around 2 weeks+)
|
FW01 |
FW02 |
|
Disk usage: traffic: Logs and Indexes: 34G Current Retention: 4 days threat: Logs and Indexes: 18G Current Retention: 6 days system: Logs and Indexes: 4.7G Current Retention: 837 days
FW01(active)> show system disk-space
Filesystem Size Used Avail Use% Mounted on /dev/sda3 19G 5.8G 13G 33% / none 7.7G 60K 7.7G 1% /dev /dev/sda5 38G 5.2G 31G 15% /opt/pancfg /dev/sda6 19G 11G 7.0G 61% /opt/panrepo tmpfs 7.7G 395M 7.3G 6% /dev/shm cgroup_root 7.7G 0 7.7G 0% /cgroup /dev/sda8 125G 96G 23G 82% /opt/panlogs
|
Disk usage: traffic: Logs and Indexes: 21G Current Retention: 15 days threat: Logs and Indexes: 16G Current Retention: 19 days system: Logs and Indexes: 1.6G Current Retention: 1761 days
FW02(passive)> show system disk-space
Filesystem Size Used Avail Use% Mounted on /dev/sda3 19G 5.6G 13G 32% / none 7.7G 60K 7.7G 1% /dev /dev/sda5 38G 5.3G 31G 15% /opt/pancfg /dev/sda6 19G 10G 7.8G 57% /opt/panrepo tmpfs 7.7G 395M 7.3G 6% /dev/shm cgroup_root 7.7G 0 7.7G 0% /cgroup /dev/sda8 125G 71G 48G 60% /opt/panlogs
|
Meanwhile, please answer the following question below for further checking:
08-16-2023 11:06 PM
Hello Noor_sofia,
I don't know if the techsupport files are shared on purpose or not.
Usually, it is something usable by TAC.
Sharing it here is just exposing your firewalls configuration to a public forum.
The password is encrypted, but a bad actor would be able to trace back to your organisation.
Regarding the query : if the FW2 is the passive, it may be normal.
The current retention is a calculated estimation of the retention based on the amount of traffic (the more session you have, the more logs are generated), and the disk space.
Olivier
PCSNE - CISSP
Best Effort contributor
Check out our PANCast Channel
Disclaimer : All messages are my personal ones and do not represent my company's view in any way.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
