Panorama logs - using local Panorama VM disk for logging - unable to view logs from firewalls prior to 00:29

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Panorama logs - using local Panorama VM disk for logging - unable to view logs from firewalls prior to 00:29

L0 Member

I have Panorama VM running in "Panorama mode" on VM ESXi, version 10.1.4

 

I have configured "managed Collector"  to be Panorama, and diskA (which is a 2TB disk) with a "Collector Group" for 1x HA firewalls to send logs to

 

When i view the logs in Panorama, i see the logs from the firewall devices, but i never see the logs from the previous day, i only see the logs going back to 00:29 for that day, and when looking the next day i only see logs for that day up until that same time, but do not see the previous day.

 

It seems like there is a setting that wrapping the logs - can anyone advise what setting i need to review to change this ?

 

Please see some outputs below

 

show system disk details

Name : sdb
State : Present
Size : 2097152 MB
Status : Available
Reason : Admin enabled

 

show system disk-space

Filesystem Size Used Avail Use% Mounted on
/dev/root 7.9G 4.8G 2.7G 65% /
none 7.9G 100K 7.9G 1% /dev
/dev/sda5 24G 4.7G 18G 21% /opt/pancfg
/dev/sda6 5.9G 2.6G 3.0G 47% /opt/panrepo
tmpfs 7.9G 896M 7.0G 12% /dev/shm
cgroup_root 7.9G 0 7.9G 0% /cgroup
/dev/sda8 32G 1.3G 29G 5% /opt/panlogs
/dev/loop0 9.8G 23M 9.2G 1% /opt/logbuffer
/dev/sdb1 1.7T 594M 1.7T 1% /opt/panlogs/ld1
tmpfs 12M 36K 12M 1% /opt/pancfg/mgmt/ssl/private
tmpfs 32M 0 32M 0% /mnt/pantmp

 

show system logdb-quota

Quotas:
system: 25.00%, 3.351 GB Expiration-period: 180 days
config: 30.00%, 4.021 GB Expiration-period: 180 days
hip-reports: 1.00%, 0.134 GB Expiration-period: 180 days
appstat: 35.00%, 4.692 GB Expiration-period: 180 days

 

Disk usage:
system: Logs and Indexes: 67.5MB Current Retention: 9 days
config: Logs and Indexes: 20.1MB Current Retention: 8 days
appstatdb: Logs and Indexes: 41.9MB Current Retention: 9 days
hip-reports: Logs and Indexes: 0 Current Retention: 0 days

Slot:0


Quotas:
detailed: 74.00%, 348 GB Expiration-period: 180 days
summary: 20.00%, 94 GB Expiration-period: 180 days
infra_audit: 5.00%, 24 GB Expiration-period: 180 days
platform: 0.50%, 2 GB Expiration-period: 180 days
external: 0.50%, 2 GB Expiration-period: 180 days

 

Disk usage:
detailed: Logs: 277 MB, Current Retention: 1 days
summary: Logs: 2 MB, Current Retention: 1 days
infra_audit: Logs: 9 MB, Current Retention: 30 days
platform: Logs: 0 MB, Current Retention: 0 days
external: Logs: 0 MB, Current Retention: 0 days

 

 

1 REPLY 1

L2 Linker

Do you check  how do you setup logging period ? In Monitor>traffic , top of right corner , you can filter last 15 mins, hours , 24 hours etc ...

Run cli , show log-collector-es-cluster health   , show us what do you see /..

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!