Problems with Panorama Logs (e.g. Panorama shows logs from 2 years ago when we filtered for more recent dates and does not show the filter correctly).

Alpalo · ‎06-02-2025

Hi team

We have a Panorama , mode VMware ESXi, version 11.1.6-h3 wiyh log failure, The problem we have is that the panorama does not show logs beyond 1 month, however, I see logs from a specific date in 2023. Does anyone know what could be happening and how can I retrieve logs?I search for logs from several months ago and it shows logs from the year 2023...but not logs from more than 1 month ago.

admin@Panorama> show system disk-space

Filesystem Size Used Avail Use% Mounted on
/dev/root 16G 5.0G 9.4G 35% /
none 16G 116K 16G 1% /dev
/dev/sda5 38G 17G 20G 47% /opt/pancfg
/dev/sda6 23G 13G 9.0G 59% /opt/panrepo
tmpfs 16G 322M 16G 3% /dev/shm
cgroup_root 16G 0 16G 0% /cgroup
/dev/sda8 129G 34G 90G 28% /opt/panlogs
/dev/loop0 9.8G 23M 9.2G 1% /opt/logbuffer
/dev/sdb1 1.7T 1.4T 227G 87% /opt/panlogs/ld1
/dev/sdc1 1.7T 158G 1.5T 10% /opt/panlogs/ld4
/dev/sdc2 1.7T 158G 1.5T 10% /opt/panlogs/ld2
/dev/sdc3 1.7T 161G 1.5T 10% /opt/panlogs/ld3

I dont' see the traffic quotas...

admin@Panorama> show system logdb-quota

Quotas:
system: 30.00%, 33.207 GB Expiration-period: 0 days
config: 25.00%, 27.672 GB Expiration-period: 0 days
hip-reports: 1.00%, 1.107 GB Expiration-period: 0 days
globalprotect: 1.00%, 1.107 GB Expiration-period: 0 days
appstat: 35.00%, 38.741 GB Expiration-period: 0 days

Disk usage:
system: Logs and Indexes: 8.5GB Current Retention: 780 days
config: Logs and Indexes: 40.3MB Current Retention: 775 days
appstatdb: Logs and Indexes: 11.6GB Current Retention: 780 days
hip-reports: Logs and Indexes: 0 Current Retention: 0 days
globalprotect: Logs and Indexes: 0 Current Retention: 0 days

Slot:0
Quotas:
detailed: 60.00%, 282 GB Expiration-period: 0 days
summary: 30.00%, 141 GB Expiration-period: 0 days
infra_audit: 5.00%, 24 GB Expiration-period: 0 days
platform: 0.10%, 0 GB Expiration-period: 0 days
external: 0.10%, 0 GB Expiration-period: 0 days

Disk usage:
detailed: Logs: 102300 MB, Current Retention: 53 days
summary: Logs: 41444 MB, Current Retention: 100 days
infra_audit: Logs: 228 MB, Current Retention: 610 days
platform: Logs: 0 MB, Current Retention: 0 days
external: Logs: 0 MB, Current Retention: 0 days

Slot:1
Quotas:
detailed: 60.00%, 282 GB Expiration-period: 0 days
summary: 30.00%, 141 GB Expiration-period: 0 days
infra_audit: 5.00%, 24 GB Expiration-period: 0 days
platform: 0.10%, 0 GB Expiration-period: 0 days
external: 0.10%, 0 GB Expiration-period: 0 days

Disk usage:
detailed: Logs: 33960 MB, Current Retention: 53 days
summary: Logs: 7284 MB, Current Retention: 100 days
infra_audit: Logs: 5 MB, Current Retention: 610 days
platform: Logs: 0 MB, Current Retention: 0 days
external: Logs: 0 MB, Current Retention: 0 days

Slot:2
Quotas:
detailed: 60.00%, 282 GB Expiration-period: 0 days
summary: 30.00%, 141 GB Expiration-period: 0 days
infra_audit: 5.00%, 24 GB Expiration-period: 0 days
platform: 0.10%, 0 GB Expiration-period: 0 days
external: 0.10%, 0 GB Expiration-period: 0 days

Disk usage:
detailed: Logs: 33889 MB, Current Retention: 53 days
summary: Logs: 7271 MB, Current Retention: 100 days
infra_audit: Logs: 5 MB, Current Retention: 610 days
platform: Logs: 0 MB, Current Retention: 0 days
external: Logs: 0 MB, Current Retention: 0 days

Slot:3
Quotas:
detailed: 60.00%, 282 GB Expiration-period: 0 days
summary: 30.00%, 141 GB Expiration-period: 0 days
infra_audit: 5.00%, 24 GB Expiration-period: 0 days
platform: 0.10%, 0 GB Expiration-period: 0 days
external: 0.10%, 0 GB Expiration-period: 0 days

Disk usage:
detailed: Logs: 33914 MB, Current Retention: 53 days
summary: Logs: 7301 MB, Current Retention: 100 days
infra_audit: Logs: 5 MB, Current Retention: 610 days
platform: Logs: 0 MB, Current Retention: 0 days
external: Logs: 0 MB, Current Retention: 0 days

Space reserved for cores: 0MB

admin@Panorama>

Can anybody helps me?

Regards

reaper · ‎06-02-2025

the quotas are managed in your log collector settings, not in the system disk

your disks usage is not spread evenly, have you verified if your raid array is healthy (see if sdc 1 2 and 3 haven't dropped out? or were they properly joined when you first added them?)

/dev/sdb1 1.7T 1.4T 227G 87% /opt/panlogs/ld1
/dev/sdc1 1.7T 158G 1.5T 10% /opt/panlogs/ld4
/dev/sdc2 1.7T 158G 1.5T 10% /opt/panlogs/ld2
/dev/sdc3 1.7T 161G 1.5T 10% /opt/panlogs/ld3

check this link : https://knowledgebase.paloaltonetworks.com/kcSArticleDetail?id=kA10g000000HAFv for some useful commands

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

Alpalo · ‎06-02-2025

Hi

But is a Virtual Panorama not a model M...

Regards

Alpalo · ‎06-03-2025

Could anybody helps me?

Thanks a lot

reaper · ‎06-03-2025

even in a VM Panorama, disks need to be added to the raid array

Those commands work on both VM and appliance, so please don't focus on the title of the article and use the commands in there to verify the status of your disks in the array:

show system raid detail

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

Alpalo · ‎06-03-2025

admin@Panorama> show system raid detail

Invalid syntax.

admin@Panorama> show system disk details

Name : sdb
State : Present
Size : 2097152 MB
Status : Available
Reason : Admin enabled

Name : sdc
State : Present
Size : 6291456 MB
Status : Available
Reason : Admin enabled

admin@Panorama>

Alpalo · ‎06-05-2025

Hi,

do you have other idea? I still have the problem

Regards

Unlock your full community experience!

Problems with Panorama Logs (e.g. Panorama shows logs from 2 years ago when we filtered for more recent dates and does not show the filter correctly).

Problems with Panorama Logs (e.g. Panorama shows logs from 2 years ago when we filtered for more recent dates and does not show the filter correctly).

Show your appreciation!