01-13-2025 03:35 AM - edited 01-13-2025 03:39 AM
Hello!
I have a VM panorama with a system disk 81 GB and a log disk 2 TB.
No traffic and threat log under monitor showed after panorama upgrade from v10.2.8 to 11.0.0
This version 11.1.3-h4 fixed the log problem. Traffic and threat log under monitor shows again, but logging shows 3 months back in time and does not show back 2022, 2023 and 2024.
While firewalls still have logs back 2022, 2023 and 2024
I see that logs older than 3 months are deleted to write new logs. Panorama cannot delete oldest logs from 2022 first
It looks like the log disk (disk A) 2 TB is corrupted during the upgrade. I followed this link to create a new log disk 2 TB (disk B)
https://docs.paloaltonetworks.com/panorama/10-1/panorama-admin/set-up-panorama/set-up-the-panorama-v...
. It starts writing new logs and retention days increase on disk A and B. Logs older than 3 months are not deleted. So far so good.
I want to remove the old disk 2TB (disk A) and did not find any documentation on how to remove the old log disk from VM Panorama.
I do not think it is so easy to do like this:
1) show system disk details
I can see 2 disks (2x 2TB): name: sdb and sdc, state:present, size:2097152 MB, status: available, reason: admin enabled.
2) Delete disk A under managed collectors --> request system disk remove sdb --> turn off VM Panorama --> just remove a virtual disk - disk A --> turn on VM Panorma --> Done!
I heard that I need to create the third disk 2 TB to make logging redundancy first and then I can remove the disk A.
Is that true? Can you please guide me how to remove disk A?
01-13-2025 07:50 PM
Hello @Trin ,
Before upgrading, please read the documentation page
Based on what you are explaining, it may be related to the point about the collector group.
Anyway, the logging redundancy will not work (the idea is to store a copy per node, not per disk).
Maybe you can raise a case to TAC so it can be properly investigated.
Olivier
PCSNE - CISSP
Best Effort contributor
Check out our PANCast Channel
Disclaimer : All messages are my personal ones and do not represent my company's view in any way.
01-13-2025 10:52 PM
Hello Ozheng
Thanks for your response
I don't have direct TAC support, but I have TAC support via the Palo Alto Partner Provider. I was told that TAC gave up and closed the case.
Now the Palo Alto Partner Provider has the case and promised that they will help me remove the old disk. I have reminded the Palo Alto Partner Provider several times without success.
So I posted the message on this forum and hope that someone can help me
01-13-2025 11:54 PM
Hello!
Just let you that the VM panorama is running this version 11.1.3-h4 and the firewalls are running 11.0.4-h2 (was preferred many weeks ago)
I could like to upgrade the firewalls to the preferred version 11.0.4-h6 today, but I am waiting response from the Palo Alto Parter provider.
Should I upgrade to the preferred version 11.0.4-h6 anyway?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
