How to Determine How Much Disk Space is Allocated to Logs
275819
Created On 09/25/18 19:52 PM - Last Modified 08/08/22 23:02 PM
Environment
- Palo Alto Firewall
Resolution
Procedure
View Disk space allocated to logs
- From the CLI run the command show system disk-space
PA-VM> show system disk-space Filesystem Size Used Avail Use% Mounted on /dev/root 7.0G 4.1G 2.6G 62% / none 3.2G 92K 3.2G 1% /dev /dev/sda5 16G 2.4G 13G 16% /opt/pancfg /dev/sda6 8.0G 3.2G 4.4G 43% /opt/panrepo tmpfs 2.2G 1.7G 412M 81% /dev/shm cgroup_root 3.2G 0 3.2G 0% /cgroup /dev/sda8 21G 511M 20G 3% /opt/panlogs
- Check the /opt/panlogs partition shows how much is allocated to the logs
View and edit Disk quota for specific logs
From GUI
- Device > Setup > scroll down to Logging and Reporting Settings
- Click the Gear icon
NOTE: Logs are purged when the quota is exceeded, so it is recommended not to allocate more than 95% of the space to allow some buffer space. Set the "Max Days" (Retention Period) so that log purging operation works seamlessly and prevents the disk from filling up.
From the CLI
- Use the show system logdb-quota ccommand
PA-VM> show system logdb-quota Quotas: system: 4.00%, 0.609 GB Expiration-period: 0 days config: 4.00%, 0.609 GB Expiration-period: 0 days alarm: 3.00%, 0.457 GB Expiration-period: 0 days appstat: 4.00%, 0.609 GB Expiration-period: 0 days hip-reports: 1.00%, 0.152 GB Expiration-period: 0 days traffic: 29.00%, 4.414 GB Expiration-period: 0 days threat: 15.00%, 2.283 GB Expiration-period: 0 days trsum: 7.00%, 1.065 GB Expiration-period: 0 days hourlytrsum: 3.00%, 0.457 GB Expiration-period: 0 days dailytrsum: 1.00%, 0.152 GB Expiration-period: 0 days weeklytrsum: 1.00%, 0.152 GB Expiration-period: 0 days urlsum: 2.00%, 0.304 GB Expiration-period: 0 days hourlyurlsum: 1.00%, 0.152 GB Expiration-period: 0 days dailyurlsum: 1.00%, 0.152 GB Expiration-period: 0 days weeklyurlsum: 0.75%, 0.114 GB Expiration-period: 0 days thsum: 2.00%, 0.304 GB Expiration-period: 0 days hourlythsum: 1.00%, 0.152 GB Expiration-period: 0 days dailythsum: 1.00%, 0.152 GB Expiration-period: 0 days weeklythsum: 1.00%, 0.152 GB Expiration-period: 0 days userid: 1.00%, 0.152 GB Expiration-period: 0 days iptag: 1.00%, 0.152 GB Expiration-period: 0 days application-pcaps: 1.00%, 0.152 GB Expiration-period: 0 days extpcap: 1.00%, 0.152 GB Expiration-period: 0 days debug-filter-pcaps: 1.00%, 0.152 GB Expiration-period: 0 days dlp-logs: 1.00%, 0.152 GB Expiration-period: 0 days hipmatch: 3.00%, 0.457 GB Expiration-period: 0 days gtp: 2.00%, 0.304 GB Expiration-period: 0 days gtpsum: 1.00%, 0.152 GB Expiration-period: 0 days hourlygtpsum: 0.75%, 0.114 GB Expiration-period: 0 days dailygtpsum: 0.75%, 0.114 GB Expiration-period: 0 days weeklygtpsum: 0.75%, 0.114 GB Expiration-period: 0 days auth: 1.00%, 0.152 GB Expiration-period: 0 days sctp: 0.00%, 0.000 GB Expiration-period: 0 days sctpsum: 0.00%, 0.000 GB Expiration-period: 0 days hourlysctpsum: 0.00%, 0.000 GB Expiration-period: 0 days dailysctpsum: 0.00%, 0.000 GB Expiration-period: 0 days weeklysctpsum: 0.00%, 0.000 GB Expiration-period: 0 days decryption: 1.00%, 0.152 GB Expiration-period: 0 days desum: 1.00%, 0.152 GB Expiration-period: 0 days hourlydesum: 0.00%, 0.000 GB Expiration-period: 0 days dailydesum: 0.00%, 0.000 GB Expiration-period: 0 days weeklydesum: 0.00%, 0.000 GB Expiration-period: 0 days globalprotect: 1.00%, 0.152 GB Expiration-period: 0 days Disk usage: traffic: Logs and Indexes: 104M Current Retention: 21 days threat: Logs and Indexes: 24K Current Retention: 0 days system: Logs and Indexes: 17M Current Retention: 21 days config: Logs and Indexes: 8.3M Current Retention: 21 days alarm: Logs and Indexes: 20K Current Retention: 0 days trsum: Logs and Indexes: 106M Current Retention: 21 days hourlytrsum: Logs and Indexes: 97M Current Retention: 21 days dailytrsum: Logs and Indexes: 5.2M Current Retention: 20 days weeklytrsum: Logs and Indexes: 948K Current Retention: 18 days thsum: Logs and Indexes: 204K Current Retention: 0 days hourlythsum: Logs and Indexes: 268K Current Retention: 0 days dailythsum: Logs and Indexes: 252K Current Retention: 0 days weeklythsum: Logs and Indexes: 40K Current Retention: 0 days appstatdb: Logs and Indexes: 2.2M Current Retention: 21 days userid: Logs and Indexes: 16K Current Retention: 0 days iptag: Logs and Indexes: 16K Current Retention: 0 days hipmatch: Logs and Indexes: 20K Current Retention: 0 days hip-reports: Logs and Indexes: Current Retention: 0 days extpcap: Logs and Indexes: 16K Current Retention: 0 days urlsum: Logs and Indexes: 204K Current Retention: 0 days hourlyurlsum: Logs and Indexes: 268K Current Retention: 0 days dailyurlsum: Logs and Indexes: 252K Current Retention: 0 days weeklyurlsum: Logs and Indexes: 40K Current Retention: 0 days gtp: Logs and Indexes: 16K Current Retention: 0 days gtpsum: Logs and Indexes: 200K Current Retention: 0 days hourlygtpsum: Logs and Indexes: 268K Current Retention: 0 days dailygtpsum: Logs and Indexes: 252K Current Retention: 0 days weeklygtpsum: Logs and Indexes: 40K Current Retention: 0 days auth: Logs and Indexes: 16K Current Retention: 0 days sctp: Logs and Indexes: 16K Current Retention: 0 days sctpsum: Logs and Indexes: 200K Current Retention: 0 days hourlysctpsum: Logs and Indexes: 8.0K Current Retention: 0 days dailysctpsum: Logs and Indexes: 8.0K Current Retention: 0 days weeklysctpsum: Logs and Indexes: 8.0K Current Retention: 0 days decryption: Logs and Indexes: 16K Current Retention: 0 days desum: Logs and Indexes: 200K Current Retention: 0 days hourlydesum: Logs and Indexes: 8.0K Current Retention: 0 days dailydesum: Logs and Indexes: 8.0K Current Retention: 0 days weeklydesum: Logs and Indexes: 8.0K Current Retention: 0 days globalprotect: Logs and Indexes: 16K Current Retention: 0 days application: Logs and Indexes: 12K Current Retention: 10 days filters: Logs and Indexes: 4.0K Current Retention: 0 days dlp: Logs and Indexes: 4.0K Current Retention: 0 days hip_report_base: Logs and Indexes: 1.1M Current Retention: N/A wildfire: Logs and Indexes: 40K Current Retention: N/A Space reserved for cores: 0MB
Additional Information