This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Cookie Policy. Click Preferences to customize your cookie settings.
log retention days
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- LIVEcommunity
- Discussions
- Network Security
- Panorama Discussions
- log retention days
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Printer Friendly Page
log retention days
Options
- Mark as New
- Subscribe to RSS Feed
- Permalink
03-22-2022 03:59 PM - edited 03-23-2022 02:09 PM
Hi we have 2 panorama and it has virtual disks for log-collector.
I have checked log-collector-es-cluster health and it is green.
1 collector-group and 2 log-collectors
When i run cli
show system logdb-quota at the active panorama , i get result as below
How can I understand expiration-period is 30 days , but I can't see more than 16 days
Is it disk volume issue ? IMHO , it looks overwrite traffic log older than 16 days
Quotas:
system: 8.00%, 1.072 GB Expiration-period: 7 days
config: 8.00%, 1.072 GB Expiration-period: 7 days
hip-reports: 1.00%, 0.134 GB Expiration-period: 0 days
appstat: 5.00%, 0.670 GB Expiration-period: 0 days
Disk usage:
system: Logs and Indexes: 844.9MB Current Retention: 7 days
config: Logs and Indexes: 28.8MB Current Retention: 7 days
appstatdb: Logs and Indexes: 691.5MB Current Retention: 20 days
hip-reports: Logs and Indexes: 0 Current Retention: 0 days
Slot:0
Quotas:
detailed: 60.00%, 282 GB Expiration-period: 30 days
summary: 30.00%, 141 GB Expiration-period: 30 days
infra_audit: 5.00%, 24 GB Expiration-period: 30 days
platform: 0.10%, 0 GB Expiration-period: 30 days
external: 0.10%, 0 GB Expiration-period: 30 days
Disk usage:
detailed: Logs: 137161 MB, Current Retention: 14 days
summary: Logs: 21456 MB, Current Retention: 27 days
infra_audit: Logs: 1425 MB, Current Retention: 21 days
platform: Logs: 0 MB, Current Retention: 0 days
external: Logs: 0 MB, Current Retention: 0 days
Slot:1
Quotas:
detailed: 60.00%, 282 GB Expiration-period: 30 days
summary: 30.00%, 141 GB Expiration-period: 30 days
infra_audit: 5.00%, 24 GB Expiration-period: 30 days
platform: 0.10%, 0 GB Expiration-period: 30 days
external: 0.10%, 0 GB Expiration-period: 30 days
Disk usage:
detailed: Logs: 137103 MB, Current Retention: 14 days
summary: Logs: 22017 MB, Current Retention: 27 days
infra_audit: Logs: 1403 MB, Current Retention: 21 days
platform: Logs: 0 MB, Current Retention: 0 days
external: Logs: 0 MB, Current Retention: 0 days
Slot:2
Quotas:
detailed: 60.00%, 282 GB Expiration-period: 30 days
summary: 30.00%, 141 GB Expiration-period: 30 days
infra_audit: 5.00%, 24 GB Expiration-period: 30 days
platform: 0.10%, 0 GB Expiration-period: 30 days
external: 0.10%, 0 GB Expiration-period: 30 days
Disk usage:
detailed: Logs: 137118 MB, Current Retention: 14 days
summary: Logs: 21723 MB, Current Retention: 27 days
infra_audit: Logs: 1401 MB, Current Retention: 21 days
platform: Logs: 0 MB, Current Retention: 0 days
external: Logs: 0 MB, Current Retention: 0 days
Space reserved for cores: 0MB
5 REPLIES 5
Options
- Mark as New
- Subscribe to RSS Feed
- Permalink
08-11-2022 01:44 AM
I have the same issue. Panorama 10.1.5 accepting logs from a number of gateways (most being 9.1.13). Threat log allocation, for example, is 64GB. Expiration Period is 90 days. However the logdb-usage command lists 'Current Retention' as 12 days. 64GB should be enough for millions of log entries allowing for at least 90 days. If i export the entire 12 days of threat logs, that is only 80,000 entries.
The PA tech i spoke with suspects the allocated space is clogged up with indexes rather than with actual logs. However he is not yet sure how to check.
Related Content
- NGFW PA-3200 series Telemetry DATA collection not happening in AIOps in AIOps for NGFW Discussions
- Allowed SSL traffic reporting as policy-deny in Next-Generation Firewall Discussions
- Some PAN-OS 10.1.1 and 10.1.2 firewalls not appearing in AIOPS in AIOps for NGFW Discussions
- Panorama System Logs in Panorama Discussions
- Global protect VPN disconnecting multiple times in GlobalProtect Discussions
Like what you see?
Show your appreciation!
Click Like if a post is helpful to you or if you just want to show your support.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
LEGAL NOTICES
Copyright 2007 - 2023 - Palo Alto Networks