Palo Alto Networks Knowledgebase: Daily Packet Capture Limit Message in System Logs
Daily Packet Capture Limit Message in System Logs
Created On 02/07/19 23:42 PM - Last Updated 02/07/19 23:42 PM
Zone and DoS Protection
Prior to PAN-OS 6.0, the maximum packet capture limit was 131072. This document explains the description of a system log entry which indicates the daily packet capture limit has been reached.
Note: In PAN-OS 6.0, there is no threat pcap limit, and instead, the newest pcaps will overwrite the oldest ones if the configured pcap partition limit is reached.
The following log entry in System logs (Device > Monitor > System logs) shows the daily packet capture limit is met:
2011/05/11 10:08:42 high general general 0 Daily packet capture limit (directory threat/20110511, limit 131072) has been reached.
When the first 131072 packet captures are collected (based on the configured threat prevention security profiles associated to the security policies), no further captures will be collected for that day.
Note: If the device is collecting unnecessary packet captures everyday, then restrict the packet captures only for interested traffic triggered by the security policy. In the threat prevention security profiles; such as Antivirus, Anti Spyware and Vulnerability Protection, only enable packet captures for the required rulenames, severity levels and threat IDs. This will improve the space to collect more packet captures on a daily basis.