This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Panorama Logs - Storage and LPS rate

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Panorama Logs - Storage and LPS rate

Ramakrishnan
L2 Linker

‎07-08-2024 11:35 PM

Der All, 

 

I have couple of queries regarding Log storage and Lps. 

I have M300 Panorama appliance with Active/Passive. I have installed the Panorama HDD with full capacity which is 16TB HDD. I am managing 400+ firewall from this Panorama. For Initial period I will forward the fw logs to Panorama later will forward fw logs to SIEM solution. So I wanted to monitor closely Panorama disk storage and lps, since I want to ensure at least 14 days of logs being stored in Panorama and exceeding the LPS should not impact the Panorama performance. 

I have following  questions:

(i)show system logdb-quota ----> disk storage current retention days are keep continuously is that based on log usage?

(ii) Log Storage [Screen shot] --- > Why its showing 1280 GB as free storage, Is it not Log storage?

(iii) show system disk-space ---- > showing me the storage details along with HDD which I installed ~6.n TB, should I calculate this for log storage?

(iv) In Solar winds monitoring I could see only Slot 0 disks that to not showing 8TB disks, I am doing this SNMP walk, Can you please suggest who shoudl I do monitoring HDD disks from Sw. 

 

show system logdb-quota
system: 30.00%, 19.812 GB Expiration-period: 0 days
config: 25.00%, 16.510 GB Expiration-period: 0 days
hip-reports: 1.00%, 0.660 GB Expiration-period: 0 days
globalprotect: 0.00%, 0.000 GB Expiration-period: 0 days
appstat: 35.00%, 23.114 GB Expiration-period: 0 days

Disk usage:
system: Logs and Indexes: 2.3GB Current Retention: 277 days
config: Logs and Indexes: 242.2MB Current Retention: 92 days
appstatdb: Logs and Indexes: 1.4GB Current Retention: 85 days
hip-reports: Logs and Indexes: 0 Current Retention: 0 days
globalprotect: Logs and Indexes: 0 Current Retention: 0 days

Slot:0
Quotas:
detailed: 60.00%, 1200 GB Expiration-period: 0 days
summary: 30.00%, 600 GB Expiration-period: 0 days
infra_audit: 5.00%, 100 GB Expiration-period: 0 days
platform: 0.10%, 2 GB Expiration-period: 0 days
external: 0.10%, 2 GB Expiration-period: 0 days

Disk usage:
detailed: Logs: 77482 MB, Current Retention: 76 days
summary: Logs: 4686 MB, Current Retention: 76 days
infra_audit: Logs: 0 MB, Current Retention: 0 days
platform: Logs: 0 MB, Current Retention: 0 days
external: Logs: 0 MB, Current Retention: 0 days

Slot:1
Quotas:
detailed: 60.00%, 1200 GB Expiration-period: 0 days
summary: 30.00%, 600 GB Expiration-period: 0 days
infra_audit: 5.00%, 100 GB Expiration-period: 0 days
platform: 0.10%, 2 GB Expiration-period: 0 days
external: 0.10%, 2 GB Expiration-period: 0 days

Disk usage:
detailed: Logs: 25731 MB, Current Retention: 76 days
summary: Logs: 1541 MB, Current Retention: 76 days
infra_audit: Logs: 0 MB, Current Retention: 0 days
platform: Logs: 0 MB, Current Retention: 0 days
external: Logs: 0 MB, Current Retention: 0 days

Space reserved for cores: 0MB

 

Log Collector Group Free storage:

Ramakrishnan_2-1720506560807.png

 

 

show system disk-space

 Filesystem Size Used Avail Use% Mounted on
/dev/sda3 63G 7.2G 53G 13% /
none 126G 116K 126G 1% /dev
/dev/sda5 158G 5.6G 144G 4% /opt/pancfg
/dev/sda6 48G 6.7G 39G 15% /opt/panrepo
tmpfs 126G 225M 126G 1% /dev/shm
tmpfs 12M 60K 12M 1% /opt/pancfg/mgmt/ssl/private
cgroup_root 126G 0 126G 0% /cgroup
/dev/sda8 108G 5.3G 97G 6% /opt/panlogs
/dev/loop0 16G 45M 15G 1% /opt/logbuffer
/dev/md2 7.3T 177G 6.7T 3% /opt/panlogs/ld2
/dev/md1 7.3T 231G 6.7T 4% /opt/panlogs/ld1
tmpfs 32M 0 32M 0% /mnt/pantmp

0 Likes Likes
1 REPLY 1

Claw4609
Cyber Elite
Cyber Elite

‎07-09-2024 06:51 AM

Hello,

 

The show log quota cli command is more useful for firewalls as opposed to Panorama as thats in relation to Panoramas logs itself as opposed to the firewall logs it stores. 

 

For the extra space question its technically because you have more space that you can allocate in the quota. I believe it defaults to 4.8% but Im not entirely sure of the reason as to why. Given how large of a drive you have you could probably increase this a bit but I would probably avoid going to 100% allocation.

 

You can view how long you Panorama is currently storing firewall logs by going to Panorama > Managed Collectors > Statistics

 

Here is also a calculator to estimate how much space you would need: Sizing Storage With Logging Service Calculator | Palo Alto Networks

0 Likes Likes
  • 701 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks