To reduce disk usage instantly, delete all logs for a given log type (logs can not be deleted according to the date).
The following logs can be cleared
Traffic logs
Threat, URL, and Data Logs
Configuration logs
System logs
HIP Match logs
GlobalProtect logs
Alarm logs
Tunnel, GTP logs
User-ID logs
IP-Tag logs
Authentication logs
Decryption logs
ACC database (CLI command only)
SCTP logs (CLI command only)
Clear logs via the WebGUI
Device > Log Setting > Scroll down to Manage Logs.
Click the log type you want to clear and click YES to confirm the request.
Clear logs via the CLI
Log into CLI
Use the clear log command to clear the log type you want, then confirm.
admin@PAN> clear log
> acc ACC database
> alarm Alarm logs
> auth Authentication logs
> config Configuration logs
> decryption Decryption logs
> globalprotect GlobalProtect logs
> gtp Tunnel and GTP logs
> hipmatch Hipmatch database
> iptag Iptag logs
> sctp SCTP logs
> system System logs
> threat Threat logs
> traffic Traffic logs
> userid User-ID logs
(Example clearing hipmatch log)
admin@PAN> clear log hipmatch
Hipmatch database will be removed. Do you want to continue? (y or n)
Note: Clearing the threat log also clears the URL log.
If none of the above remediation steps resolve the issue, it is recommended to collect the following Troubleshooting Data below and open a Support Case.
Collect Tech Support File (GUI: Device > Support Click Generate Tech Support File)
Collect the output of the CLI show system disk-space
Additional Information
To prevent logs from filling up /opt/panlogs Disk quota can be utilized and adjusted. (Device > Setup > scroll down to Logging and Reporting Settings)
Logs are purged when the quota is exceeded, so it is recommended not to allocate more than 95% of the space to allow some buffer space. Set the "Max Days" (Retention Period) so that log purging operation works seamlessly and prevents the disk from filling up. See How to Determine How Much Disk Space is Allocated to Logs
For Panorama in Legacy mode check if it is hitting issue PAN-204683 fixed in 10.1.10, 10.2.5 and 11.0.1
PAN-204683: Fixed an issue where logs were unable to be generated due to old logs not getting purged and /opt/panlogs reaching over 100% usage.