How to Determine How Much Disk Space is Allocated to Logs

Created On 09/25/18 19:52 PM - Last Modified 08/08/22 23:02 PM


Environment
  • Palo Alto Firewall


Resolution

Procedure

 

View Disk space allocated to logs

  1. From the CLI run the command show system disk-space
PA-VM> show system disk-space
Filesystem      Size  Used Avail Use% Mounted on
/dev/root       7.0G  4.1G  2.6G  62% /
none            3.2G   92K  3.2G   1% /dev
/dev/sda5        16G  2.4G   13G  16% /opt/pancfg
/dev/sda6       8.0G  3.2G  4.4G  43% /opt/panrepo
tmpfs           2.2G  1.7G  412M  81% /dev/shm
cgroup_root     3.2G     0  3.2G   0% /cgroup
/dev/sda8        21G  511M   20G   3% /opt/panlogs
  2. Check the /opt/panlogs partition, which shows how much space is allocated to the logs.


View and edit Disk quota for specific logs

From GUI

  1. Device > Setup > scroll down to Logging and Reporting Settings
  2. Click the Gear icon
NOTE: Logs are purged when the quota is exceeded, so it is recommended not to allocate more than 95% of the space, to leave some buffer. Set the "Max Days" (Retention Period) so that the log purging operation works seamlessly and prevents the disk from filling up.



From the CLI

  1. Use the show system logdb-quota command
PA-VM> show system logdb-quota

Quotas:
              system: 4.00%, 0.609 GB Expiration-period: 0 days
              config: 4.00%, 0.609 GB Expiration-period: 0 days
               alarm: 3.00%, 0.457 GB Expiration-period: 0 days
             appstat: 4.00%, 0.609 GB Expiration-period: 0 days
         hip-reports: 1.00%, 0.152 GB Expiration-period: 0 days
             traffic: 29.00%, 4.414 GB Expiration-period: 0 days
              threat: 15.00%, 2.283 GB Expiration-period: 0 days
               trsum: 7.00%, 1.065 GB Expiration-period: 0 days
         hourlytrsum: 3.00%, 0.457 GB Expiration-period: 0 days
          dailytrsum: 1.00%, 0.152 GB Expiration-period: 0 days
         weeklytrsum: 1.00%, 0.152 GB Expiration-period: 0 days
              urlsum: 2.00%, 0.304 GB Expiration-period: 0 days
        hourlyurlsum: 1.00%, 0.152 GB Expiration-period: 0 days
         dailyurlsum: 1.00%, 0.152 GB Expiration-period: 0 days
        weeklyurlsum: 0.75%, 0.114 GB Expiration-period: 0 days
               thsum: 2.00%, 0.304 GB Expiration-period: 0 days
         hourlythsum: 1.00%, 0.152 GB Expiration-period: 0 days
          dailythsum: 1.00%, 0.152 GB Expiration-period: 0 days
         weeklythsum: 1.00%, 0.152 GB Expiration-period: 0 days
              userid: 1.00%, 0.152 GB Expiration-period: 0 days
               iptag: 1.00%, 0.152 GB Expiration-period: 0 days
   application-pcaps: 1.00%, 0.152 GB Expiration-period: 0 days
             extpcap: 1.00%, 0.152 GB Expiration-period: 0 days
  debug-filter-pcaps: 1.00%, 0.152 GB Expiration-period: 0 days
            dlp-logs: 1.00%, 0.152 GB Expiration-period: 0 days
            hipmatch: 3.00%, 0.457 GB Expiration-period: 0 days
                 gtp: 2.00%, 0.304 GB Expiration-period: 0 days
              gtpsum: 1.00%, 0.152 GB Expiration-period: 0 days
        hourlygtpsum: 0.75%, 0.114 GB Expiration-period: 0 days
         dailygtpsum: 0.75%, 0.114 GB Expiration-period: 0 days
        weeklygtpsum: 0.75%, 0.114 GB Expiration-period: 0 days
                auth: 1.00%, 0.152 GB Expiration-period: 0 days
                sctp: 0.00%, 0.000 GB Expiration-period: 0 days
             sctpsum: 0.00%, 0.000 GB Expiration-period: 0 days
       hourlysctpsum: 0.00%, 0.000 GB Expiration-period: 0 days
        dailysctpsum: 0.00%, 0.000 GB Expiration-period: 0 days
       weeklysctpsum: 0.00%, 0.000 GB Expiration-period: 0 days
          decryption: 1.00%, 0.152 GB Expiration-period: 0 days
               desum: 1.00%, 0.152 GB Expiration-period: 0 days
         hourlydesum: 0.00%, 0.000 GB Expiration-period: 0 days
          dailydesum: 0.00%, 0.000 GB Expiration-period: 0 days
         weeklydesum: 0.00%, 0.000 GB Expiration-period: 0 days
       globalprotect: 1.00%, 0.152 GB Expiration-period: 0 days

Disk usage:
traffic: Logs and Indexes: 104M Current Retention: 21 days
threat: Logs and Indexes: 24K Current Retention: 0 days
system: Logs and Indexes: 17M Current Retention: 21 days
config: Logs and Indexes: 8.3M Current Retention: 21 days
alarm: Logs and Indexes: 20K Current Retention: 0 days
trsum: Logs and Indexes: 106M Current Retention: 21 days
hourlytrsum: Logs and Indexes: 97M Current Retention: 21 days
dailytrsum: Logs and Indexes: 5.2M Current Retention: 20 days
weeklytrsum: Logs and Indexes: 948K Current Retention: 18 days
thsum: Logs and Indexes: 204K Current Retention: 0 days
hourlythsum: Logs and Indexes: 268K Current Retention: 0 days
dailythsum: Logs and Indexes: 252K Current Retention: 0 days
weeklythsum: Logs and Indexes: 40K Current Retention: 0 days
appstatdb: Logs and Indexes: 2.2M Current Retention: 21 days
userid: Logs and Indexes: 16K Current Retention: 0 days
iptag: Logs and Indexes: 16K Current Retention: 0 days
hipmatch: Logs and Indexes: 20K Current Retention: 0 days
hip-reports: Logs and Indexes:  Current Retention: 0 days
extpcap: Logs and Indexes: 16K Current Retention: 0 days
urlsum: Logs and Indexes: 204K Current Retention: 0 days
hourlyurlsum: Logs and Indexes: 268K Current Retention: 0 days
dailyurlsum: Logs and Indexes: 252K Current Retention: 0 days
weeklyurlsum: Logs and Indexes: 40K Current Retention: 0 days
gtp: Logs and Indexes: 16K Current Retention: 0 days
gtpsum: Logs and Indexes: 200K Current Retention: 0 days
hourlygtpsum: Logs and Indexes: 268K Current Retention: 0 days
dailygtpsum: Logs and Indexes: 252K Current Retention: 0 days
weeklygtpsum: Logs and Indexes: 40K Current Retention: 0 days
auth: Logs and Indexes: 16K Current Retention: 0 days
sctp: Logs and Indexes: 16K Current Retention: 0 days
sctpsum: Logs and Indexes: 200K Current Retention: 0 days
hourlysctpsum: Logs and Indexes: 8.0K Current Retention: 0 days
dailysctpsum: Logs and Indexes: 8.0K Current Retention: 0 days
weeklysctpsum: Logs and Indexes: 8.0K Current Retention: 0 days
decryption: Logs and Indexes: 16K Current Retention: 0 days
desum: Logs and Indexes: 200K Current Retention: 0 days
hourlydesum: Logs and Indexes: 8.0K Current Retention: 0 days
dailydesum: Logs and Indexes: 8.0K Current Retention: 0 days
weeklydesum: Logs and Indexes: 8.0K Current Retention: 0 days
globalprotect: Logs and Indexes: 16K Current Retention: 0 days
application: Logs and Indexes: 12K Current Retention: 10 days
filters: Logs and Indexes: 4.0K Current Retention: 0 days
dlp: Logs and Indexes: 4.0K Current Retention: 0 days
hip_report_base: Logs and Indexes: 1.1M Current Retention: N/A
wildfire: Logs and Indexes: 40K Current Retention: N/A

Space reserved for cores:       0MB
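
The following added example, which is not part of the original article, parses saved show system logdb-quota output and checks it against the NOTE above: total allocation over 95%, log types that have a quota but no expiration period, and log types close to their quota. The function name, thresholds and sample text are assumptions constructed for illustration, and an Expiration-period of 0 days is read here as "no Max Days set".

```python
import re

# Line shapes copied from the `show system logdb-quota` output on this page.
QUOTA_RE = re.compile(
    r"^\s*([\w-]+):\s+([\d.]+)%,\s+([\d.]+) GB\s+Expiration-period:\s+(\d+) days")
USAGE_RE = re.compile(r"^\s*([\w-]+): Logs and Indexes:\s*([\d.]+)([KMG])\s")
TO_GB = {"K": 1 / 1024**2, "M": 1 / 1024, "G": 1.0}

# Constructed sample in the same format (values are not from a real device).
SAMPLE = """\
Quotas:
              system: 4.00%, 0.609 GB Expiration-period: 30 days
             traffic: 60.00%, 9.135 GB Expiration-period: 0 days
              threat: 35.00%, 5.329 GB Expiration-period: 90 days
         hip-reports: 1.00%, 0.152 GB Expiration-period: 0 days

Disk usage:
traffic: Logs and Indexes: 8.9G Current Retention: 21 days
threat: Logs and Indexes: 24K Current Retention: 0 days
system: Logs and Indexes: 17M Current Retention: 21 days
hip-reports: Logs and Indexes:  Current Retention: 0 days
"""

def audit_logdb_quota(text, max_total_pct=95.0, warn_fill=0.9):
    """Return quota findings for one firewall's logdb-quota output."""
    quotas, used_gb = {}, {}
    for line in text.splitlines():
        if m := QUOTA_RE.match(line):
            quotas[m[1]] = (float(m[2]), float(m[3]), int(m[4]))
        elif m := USAGE_RE.match(line):  # rows with an empty size are skipped
            used_gb[m[1]] = float(m[2]) * TO_GB[m[3]]
    total = sum(pct for pct, _, _ in quotas.values())
    return {
        "total_pct": total,
        # More than the recommended ceiling leaves no buffer before purging.
        "over_budget": total > max_total_pct,
        # Quota assigned but no age-based expiry (assumption: 0 days = unset).
        "no_expiry": [n for n, (pct, _, days) in quotas.items()
                      if pct > 0 and days == 0],
        # Usage joined to quota by name; names missing from either side
        # (e.g. appstat vs appstatdb) are simply not compared.
        "near_full": [n for n, (_, gb, _) in quotas.items()
                      if gb > 0 and used_gb.get(n, 0.0) / gb >= warn_fill],
    }

if __name__ == "__main__":
    for key, value in audit_logdb_quota(SAMPLE).items():
        print(f"{key}: {value}")
```
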

