How to Clear Logs To Reduce Disk Space usage on /opt/panlogs - Knowledge Base - Palo Alto Networks

Created On 09/25/18 19:02 PM - Last Modified 04/19/24 19:17 PM


Symptom


  • Disk usage on the /opt/panlogs partition is high:
> show system disk-space

Filesystem      Size  Used Avail Use% Mounted on
/dev/root       7.0G  4.1G  2.6G  62% /
none            3.2G   92K  3.2G   1% /dev
/dev/sda5        16G  2.4G   13G  16% /opt/pancfg
/dev/sda6       8.0G  3.2G  4.4G  43% /opt/panrepo
tmpfs           2.2G  1.7G  492M  78% /dev/shm
cgroup_root     3.2G     0  3.2G   0% /cgroup
/dev/sda8       125G  115G  3.7G  97% /opt/panlogs   <----- Shows above 95%
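
The symptom check above as a script, added here as an example that is not part of the original article: it parses saved `show system disk-space` output and reports watched mount points above a threshold. It assumes the output has already been captured as text; the function names and the embedded sample are constructed for illustration.

```python
import re

# Constructed sample: the disk-space output shown in this article, including
# the trailing annotation on the /opt/panlogs line.
SAMPLE = """\
> show system disk-space

Filesystem      Size  Used Avail Use% Mounted on
/dev/root       7.0G  4.1G  2.6G  62% /
none            3.2G   92K  3.2G   1% /dev
/dev/sda5        16G  2.4G   13G  16% /opt/pancfg
/dev/sda6       8.0G  3.2G  4.4G  43% /opt/panrepo
tmpfs           2.2G  1.7G  492M  78% /dev/shm
cgroup_root     3.2G     0  3.2G   0% /cgroup
/dev/sda8       125G  115G  3.7G  97% /opt/panlogs   <----- Shows above 95%
"""

# filesystem, size, used, avail, use%, mount point; trailing text is ignored.
ROW = re.compile(
    r"^(?P<fs>\S+)\s+(?P<size>\S+)\s+(?P<used>\S+)\s+(?P<avail>\S+)\s+"
    r"(?P<pct>\d+)%\s+(?P<mount>/\S*)"
)

def parse_disk_space(text):
    """Return {mount_point: use_percent} for every data row in the output."""
    usage = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:  # the prompt, header and blank lines do not match
            usage[m.group("mount")] = int(m.group("pct"))
    return usage

def over_threshold(text, threshold=95, mounts=("/opt/panlogs",)):
    """Return [(mount, pct)] for watched mounts whose usage exceeds threshold."""
    usage = parse_disk_space(text)
    missing = [m for m in mounts if m not in usage]
    if missing:
        # A watched partition absent from the output is a collection problem,
        # not a healthy result, so fail loudly instead of reporting nothing.
        raise ValueError(f"mount point(s) not found in output: {missing}")
    return [(m, usage[m]) for m in mounts if usage[m] > threshold]

if __name__ == "__main__":
    for mount, pct in over_threshold(SAMPLE):
        print(f"{mount} is at {pct}% (above 95%)")
```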


Environment


  • Palo Alto Firewall


Resolution


  • To reduce disk usage immediately, delete all logs of a given log type (logs cannot be deleted by date).
  • The following logs can be cleared:
    • Traffic logs
    • Threat, URL, and Data Logs
    • Configuration logs
    • System logs
    • HIP Match logs
    • GlobalProtect logs
    • Alarm logs
    • Tunnel, GTP logs
    • User-ID logs
    • IP-Tag logs
    • Authentication logs
    • Decryption logs
    • ACC database (CLI command only)
    • SCTP logs (CLI command only)

 

Clear logs via the WebGUI

  1. Go to Device > Log Settings and scroll down to Manage Logs.
  2. Click the log type you want to clear and click YES to confirm the request.


 

Clear logs via the CLI

  1. Log in to the CLI.

  2. Use the clear log command to clear the log type you want, then confirm.

    admin@PAN> clear log
    > acc             ACC database
    > alarm           Alarm logs
    > auth            Authentication logs
    > config          Configuration logs
    > decryption      Decryption logs
    > globalprotect   GlobalProtect logs
    > gtp             Tunnel and GTP logs
    > hipmatch        Hipmatch database
    > iptag           Iptag logs
    > sctp            SCTP logs
    > system          System logs
    > threat          Threat logs
    > traffic         Traffic logs
    > userid          User-ID logs
            
    Example (clearing the hipmatch log):
    
    admin@PAN> clear log hipmatch
    Hipmatch database will be removed. Do you want to continue? (y or n)
    

    Note: Clearing the threat log also clears the URL log.
     



If none of the above remediation steps resolves the issue, collect the following troubleshooting data and open a Support Case:
  1. Collect the Tech Support File (GUI: Device > Support, then click Generate Tech Support File).
  2. Collect the output of the CLI command show system disk-space.


Additional Information


  • To prevent logs from filling up /opt/panlogs, use and adjust the disk quota (Device > Setup, then scroll down to Logging and Reporting Settings).
    • Logs are purged when the quota is exceeded, so it is recommended not to allocate more than 95% of the space, which leaves some buffer. Set "Max Days" (Retention Period) so that the log purging operation works seamlessly and prevents the disk from filling up. See How to Determine How Much Disk Space is Allocated to Logs.
  • For Panorama in Legacy mode, check whether it is hitting issue PAN-204683, which is fixed in 10.1.10, 10.2.5 and 11.0.1.
    • PAN-204683: Fixed an issue where logs were unable to be generated due to old logs not getting purged and /opt/panlogs reaching over 100% usage.

