Palo Alto Networks Knowledgebase: M-100 Panorama Does Not Show Proper Free Disk Space Information

M-100 Panorama Does Not Show Proper Free Disk Space Information

Created On 02/07/19 23:46 PM - Last Updated 02/07/19 23:46 PM
Cortex Data Lake Panorama


On the Panorama > Setup > Management page, in the Logging and Reporting Settings section, the information shown may be similar to the following:

Log Storage   Total: 50.54 GB
              Free: 2.253 GB

However, the Panorama has multiple drives, with more than a total of 50 GB for storage. So, the information presented is incorrect and confusing.



For the M-100, the correct location to check disk space is under the General tab at Panorama > Collector Groups > Collector Group Name. The storage capacity will not appear as exactly 1 TB, but will be close to 931.51 GB (as some space is allocated for indexing, etc.). This represents the space used for logs on M-100.  Currently the word "Free" is used in these screens, but this will be changed to “Unallocated”. Because we are talking about unallocated space here not free space.



But even with that, the system will not show the true “Free Space” until you are logged in via SSH /console and enter the following command:

> show system disk-space

Filesystem            Size  Used Avail Use% Mounted on
/dev/sda2             7.6G  1.2G 6.1G  16% /
/dev/sda5              23G  480M 21G   3% /opt/pancfg
/dev/sda6              16G  909M 14G   7% /opt/panrepo
tmpfs                 7.9G     0 7.9G   0% /dev/shm
/dev/sda8              56G   17G 37G  31% /opt/panlogs
/dev/loop0             16G  173M 15G   2% /opt/logbuffer
/dev/md1              917G  200M 871G   1% /opt/panlogs/ld1
/dev/md2              917G  200M 871G   1% /opt/panlogs/ld2
/dev/md3              917G  200M 871G   1% /opt/panlogs/ld3
/dev/md4              917G  200M 871G   1% /opt/panlogs/ld4

This shows an accurate view of how much free space is available. In the example above, the /dev/md1, md2, md3 and md4 are the partitions where all of the logs will be stored.

Allocation for logs is the entire 917 GB drive, but only 200 MB is currently being used, and 871 GB is currently available for logs.

The % number may be off some due to system files, and indexing files using up some free space also.

The assumption is that most customers that have a system running for a while all of the partitions will become "full" and stay "full". If the system is working properly, then the

quota values will kick in and purge unwanted logs as needed.

Most of the time the customers should be looking at how old is the oldest log and adjust the partitions based on the oldest log.

In order to view the oldest log of a particular type, they should just go to the UI and change the sort direction from DESC to ASC.


owner: jdelio

  • Print
  • Copy Link

Choose Language