How to Clear Logs on a Palo Alto Networks Device

How to Clear Logs on a Palo Alto Networks Device

78414
Created On 09/25/18 19:02 PM - Last Modified 12/04/19 17:42 PM


Resolution

When configured for logging, the Palo Alto Networks firewall records configuration changes, system events, security threats, traffic flows, and alarms generated by the device.

 

The following logs can be cleared on the Palo Alto Networks device:

PAN-OS 7.1, 8.1 and 9.0
  • Traffic logs
  • Threat, URL, and Data Logs
  • Configuration logs
  • System logs
  • HIP Match logs
  • Alarm logs
  • Tunnel, GTP Logs
  • User-ID logs
  • Authentication Logs
  • ACC database (CLI command only)
  • Iptag logs (CLI command only)
  • SCTP logs (CLI command only)

 

Clear logs via the WebGUI

To clear the logs through the WebGUI.

  1. Navigate to Device > Log Setting > Manage Logs.
  2. Click the link that corresponds to the log you would like to clear—traffic, threat, URL, data, configuration, system, HIP Match, Alarm.

2016-08-24_clear-log.png
 

Clear logs via the CLI

To clear the logs from the CLI, enter the following command:

> clear log <log name>

admin@PA-VM> clear log
> acc        ACC database
> alarm      Alarm logs
> auth       Authentication logs
> config     Configuration logs
> gtp        Tunnel and GTP logs
> hipmatch   Hipmatch database
> iptag      Iptag logs
> sctp       SCTP logs
> system     System logs
> threat     Threat logs
> traffic    Traffic logs
> userid     User-ID logs

Note: Clearing the threat log also clears the URL log.

 

Impact of clearing logs

  • Clearing the logs should not be service impacting.
  • In the event that any of the logs are not flowing after clearing the logs, you may want to restart the management server process with the following command:
admin@PA-VM> debug software restart process management-server

 

If that does not restore the logs, please contact support.

 



Attachments
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClSjCAK&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Attachments
Choose Language