09-04-2015 07:48 AM
Hello Community,
Actually I have an issue with traffic log alarm.
First, I want to know more related to traffic log works.
Actually the PA has assingned 32% (38.06 GB) of quota.
In the security rules the flag is check in the option "end the session" and these logs, palo alto sends to external syslog server.
Why does the traffic log is filling the PA quota so fast ?
What I found it seems like it caused by receiving too much to log and it can't purge the logs fast enough to keep them under the threshold.
does that sound about right?
I run the command "less mp-log ms.log" and do not found the log is purging, How to do to set up the purge in the logs ?.
It sounded like the logs are designed to stay close to the threshold, then purge when it is exceeded.
Is it correct to say the system is designed to keep the log storage close to 90% threshold.
It purges the logs when threshold is exceeded.
When it can not purge logs fast enough it generates the errors.
what do you recomended to solve this issue ?
Thanks a lot for your comments.
Best Regards
Andres Padilla
