Why does the PA firewall generate an excessive amount of logs in the traffic log?
Created On 08/02/22 12:49 PM - Last Modified 09/29/23 21:12 PM
Question
Why does the PA firewall generate an excessive amount of logs in the traffic log?
Environment
- Palo Alto Firewall
- Traffic logs
Answer
- Traffic logs are generated on the firewall only when traffic is passing through it and logging is enabled on the security policy that matches that traffic.
- The firewall can generate a log for any session at two stages: once when the session starts and once when the session ends.
- Use of the option "log at session start" is not suggested, as it will increase the number of logs significantly (up to two logs per session instead of one). It is intended only for debugging purposes.
- Check all the security policies to see if "log at session start" is selected. Disabling it will reduce the amount of logs.
- Checking which security policy generated the most entries in the traffic log will give an idea of what kind of traffic is generating these logs. That traffic can then be controlled by matching it to a different policy or by disabling logging for it.
- Another option is to forward the logs to external logging servers, such as Panorama/Log Collector or a Syslog server, for longer log retention.
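As an added example (not from the original article), the following script shows one way to do the check described above offline: it reads a traffic log CSV export and reports which security policies generate the most log entries and which of them are producing session-start logs. The column names ("Type", "Subtype", "Rule") and the sample rows are assumptions constructed for this example; verify them against the header of your own export.

```python
import csv
import io
from collections import Counter

# Constructed sample of a traffic log CSV export. Column names are assumed;
# real exports carry many more columns, which DictReader simply ignores.
SAMPLE_CSV = """Receive Time,Type,Subtype,Source address,Destination address,Rule,Bytes
2023/09/29 10:00:01,TRAFFIC,start,10.1.1.5,203.0.113.10,allow-web,0
2023/09/29 10:00:02,TRAFFIC,end,10.1.1.5,203.0.113.10,allow-web,5120
2023/09/29 10:00:03,TRAFFIC,start,10.1.1.6,203.0.113.10,allow-web,0
2023/09/29 10:00:04,TRAFFIC,end,10.1.1.6,203.0.113.10,allow-web,2048
2023/09/29 10:00:05,TRAFFIC,start,10.1.1.7,203.0.113.11,allow-web,0
2023/09/29 10:00:06,TRAFFIC,end,10.1.1.7,203.0.113.11,allow-web,4096
2023/09/29 10:00:07,TRAFFIC,end,10.1.1.5,10.1.0.53,allow-dns,300
2023/09/29 10:00:08,TRAFFIC,end,10.1.1.6,10.1.0.53,allow-dns,310
2023/09/29 10:00:09,TRAFFIC,deny,10.1.1.9,198.51.100.7,deny-all,0
"""


def summarise_traffic_log(csv_text):
    """Return (entries per rule, session-start entries per rule)."""
    by_rule = Counter()
    start_by_rule = Counter()
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["Type"] != "TRAFFIC":
            continue  # skip threat/system/etc. rows if the export is mixed
        rule = row["Rule"]
        by_rule[rule] += 1
        if row["Subtype"] == "start":
            start_by_rule[rule] += 1
    return by_rule, start_by_rule


def top_rules(csv_text, n=3):
    """Rules producing the most traffic log entries, busiest first."""
    by_rule, _ = summarise_traffic_log(csv_text)
    return by_rule.most_common(n)


def rules_logging_at_start(csv_text):
    """Rules that appear to have 'log at session start' enabled."""
    _, start_by_rule = summarise_traffic_log(csv_text)
    return sorted(start_by_rule)


def start_log_count(csv_text):
    """Entries that would disappear if session-start logging were disabled."""
    _, start_by_rule = summarise_traffic_log(csv_text)
    return sum(start_by_rule.values())


if __name__ == "__main__":
    print("Top rules:", top_rules(SAMPLE_CSV))
    print("Logging at session start:", rules_logging_at_start(SAMPLE_CSV))
    print("Session-start entries:", start_log_count(SAMPLE_CSV))
```

Point the functions at the contents of a real export (for example `open("traffic.csv").read()`) to rank your own policies; a rule with start entries roughly equal to its end entries is a candidate for disabling "log at session start".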