System Log : "Daily packet capture limit (directory application/xxxxxx, limit 131072) has been reached"

Created On 03/30/22 07:08 AM - Last Modified 04/10/23 19:33 PM


Symptom


  • Monitor > System log shows the message "Daily packet capture limit (directory application/xxxxxx, limit 131072) has been reached"
  • Under Monitor > Packet Capture, no packet capture is enabled
  • Checking the application settings from the CLI shows that "Unknown capture" is on:
admin@SUBISU-PA> show running application setting | match "Unknown capture"
Unknown capture               : on
  • There are many unknown applications in the customer environment


Environment


  • Palo Alto Networks Firewall


Cause


Because there are many "Unknown" applications and the "Unknown capture" setting is on, the firewall is hitting the daily packet capture limit.

Resolution


There are two options to resolve the issue:
  1. Either create an Application Override for all the unknown applications.
    1. Application Override
  2. Or turn unknown capture off from the CLI:
> configure
# run show running application setting | match "Unknown capture"
  Unknown capture               : on
# set deviceconfig setting application dump-unknown off
# commit                                               
Verify changes.
# run show running application setting | match "Unknown capture"
  Unknown capture               : off
# exit    
    Note: This setting can also be changed in operational mode, but a change made there does not persist across a reboot.
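
The check described in this article, as an added example (not part of the original article and not vendor code): a Python helper that reads saved system log text and saved "show running application setting" output and reports whether they match the symptom and cause above. The function names, result labels, timestamps and the unrelated log line are assumptions made for illustration.

```python
import re

# Message text as quoted in this article; directory and limit are captured.
LIMIT_RE = re.compile(
    r"Daily packet capture limit \(directory (?P<directory>[^,]+), "
    r"limit (?P<limit>\d+)\) has been reached")
# Line format as printed by "show running application setting".
SETTING_RE = re.compile(r"^\s*Unknown capture\s*:\s*(on|off)\s*$", re.M)


def limit_events(log_text):
    """Return {directory: {"limit": int, "hits": int}} for matching lines."""
    events = {}
    for m in LIMIT_RE.finditer(log_text):
        entry = events.setdefault(
            m["directory"], {"limit": int(m["limit"]), "hits": 0})
        entry["hits"] += 1
    return events


def unknown_capture_state(cli_text):
    """Return the last reported state ("on"/"off"), or None if absent."""
    states = SETTING_RE.findall(cli_text)
    return states[-1] if states else None


def diagnose(log_text, cli_text):
    """Classify saved output against the symptom and cause in this article."""
    if not limit_events(log_text):
        return "no-limit-events"
    state = unknown_capture_state(cli_text)
    if state == "on":
        return "matches-article"            # limit hit while unknown capture is on
    if state == "off":
        return "limit-hit-but-capture-off"  # look for another capture source
    return "setting-unknown"                # CLI text did not include the setting


# Constructed sample input: timestamps and the second line are made up.
SAMPLE_LOG = """\
2022/03/30 07:01:12 Daily packet capture limit (directory application/xxxxxx, limit 131072) has been reached
2022/03/30 07:05:40 unrelated constructed event
2022/03/31 06:58:03 Daily packet capture limit (directory application/xxxxxx, limit 131072) has been reached
"""
SAMPLE_CLI = "Unknown capture               : on\n"

if __name__ == "__main__":
    print(limit_events(SAMPLE_LOG))
    print(diagnose(SAMPLE_LOG, SAMPLE_CLI))
```

When the CLI text contains both the before and after output of the procedure above, the helper uses the last reported state.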

