Panorama Firewall logs

Ramakrishnan · ‎07-01-2024

Dear All,

I currently manage two M-300 Panorama devices in Active/Standby mode, each with a full disk capacity of 4x4 TB (16 TB each). My firewall logs are forwarded to the Active Panorama. Estimated log lps we need at least 93 TB of storage to store 14-15 days of logs, as we do not have that capacity at current Panorama deployment. Due to this storage limitation we planning to have the logs at least for 10 days in Panorama. So we are planning to forward the logs SIEM or Cloud solution to maintain log retention as per policy. But our SIEM and/or Cloud platform aren’t ready yet, also I’m concerned that excessive logs could impact Panorama..?

To address this, I’d like to configure Panorama to retain logs for 10 days instead of storage capacity quota . Could you please guide me on how to achieve this setting logs based on days, after the days are reached panorama should continue to work, should not impact the performance. Can you please help me?

reaper · ‎07-02-2024

Hi!

Panorama will automatically purge old logs (FIFO) once log capacity is reached, so you shouldn't worry about performance

You can set maximum retention days in Panorama > collector group > group > General > Log storage

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

Ramakrishnan · ‎07-02-2024

Thanks @reaper for the swift reply.

When i call out Panorama LPS & storage, its a two fold issues. One is logs storage, that we can some how manage by limiting the no of days another issue is excess of LPS.

Yes, perhaps that setting maximum days its start rotate the logs, that ensure we will not hit storage overflow and missing of logs.

But I am concerned about the Panorama performance because, M-300 has the maximum of LPS into process up to 10K LPS, when I do the estimation its almost 48K LPS [about 400 firewalls] . If I am sending the more that 10K LPS will that process, store and rotate the logs or will Panorama ger chocked.

Ramakrishnan · ‎07-02-2024

Hi,

I have addition question regarding to checking the disk storage utilizing by logs.

show system logdb-quota

Slot:0

Quotas:

detailed: 60.00%, 1200 GB Expiration-period: 0 days

summary: 30.00%, 600 GB Expiration-period: 0 days

infra_audit: 5.00%, 100 GB Expiration-period: 0 days

platform: 0.10%, 2 GB Expiration-period: 0 days

external: 0.10%, 2 GB Expiration-period: 0 days

Disk usage:

detailed: Logs: 53300 MB, Current Retention: 69 days

summary: Logs: 3269 MB, Current Retention: 69 days

infra_audit: Logs: 0 MB, Current Retention: 0 days

platform: Logs: 0 MB, Current Retention: 0 days

external: Logs: 0 MB, Current Retention: 0 days

Slot:1

Quotas:

detailed: 60.00%, 1200 GB Expiration-period: 0 days

summary: 30.00%, 600 GB Expiration-period: 0 days

infra_audit: 5.00%, 100 GB Expiration-period: 0 days

platform: 0.10%, 2 GB Expiration-period: 0 days

external: 0.10%, 2 GB Expiration-period: 0 days

Disk usage:

detailed: Logs: 17683 MB, Current Retention: 69 days

summary: Logs: 1081 MB, Current Retention: 69 days

infra_audit: Logs: 0 MB, Current Retention: 0 days

platform: Logs: 0 MB, Current Retention: 0 days

external: Logs: 0 MB, Current Retention: 0 days

But in the the collector group showing only 1 TB is free out of 26 TB I could not get it. Can you please help me to understand.

Also to monitor the lps is there any command from the Panorama system rather than the estimator tool

Ramakrishnan · ‎07-02-2024

Some one can help me on this?

Unlock your full community experience!

Panorama Firewall logs

Panorama Firewall logs

Show your appreciation!