Why are some system and/or config logs missing on Panorama

Why are some system and/or config logs missing on Panorama

12171
Created On 12/29/20 02:20 AM - Last Modified 12/15/22 04:18 AM


Question


Why is the "system" (or config) log of Panorama present for higher number of days than that of Firewall?
  • Firewalls are configured to send logs to Panorama
  • When looking at the "system" or "config" logs, the logs sent by Firewall is present for a lesser period.
  • The logs of "system" or "config" of that of Panorama are present for higher number of days.

Environment


  • Panorama with Managed Firewalls
  • Supported PAN-OS
  • Log forwarding

Answer


  1. Panorama is storing its locally generated logs (system logs and configuration logs) on a local storage.
  2. The system and config Logs from firewall(s) are stored on the log collector or the logging disk.
  3. "Current Retention" information provides the approximate number of days the logs can be seen
  4. Example: In the command "show system logdb-quota", there are 2 sections, the first section (in yellow) provides information on the Panorama local storage (aka system disk), the second section (in blue) provides information on the logging disk.
  5. As the storage size differs between the 2 locations, the log retention will differ.
  6. So searching the oldest logs on the system will result in missing logs (due to the different retention period).
Note: Depending on the retention period, either the Firewall or Panorama logs can be stored for a higher number of days. 
admin@Panorama> show system logdb-quota 

Quotas:
              system: 30.00%, 3.984 GB Expiration-period: 0 days
              config: 25.00%, 3.320 GB Expiration-period: 0 days
         hip-reports: 1.00%, 0.133 GB Expiration-period: 0 days
             appstat: 35.00%, 4.648 GB Expiration-period: 0 days

Disk usage:
system: Logs and Indexes: 359.2MB Current Retention: 294 days
config: Logs and Indexes: 113.0MB Current Retention: 294 days
appstatdb: Logs and Indexes: 5.8MB Current Retention: 190 days
hip-reports: Logs and Indexes: 0 Current Retention: 0 days

Slot:0
        Quotas:
                detailed: 60.00%, 282 GB Expiration-period: 0 days
                summary: 30.00%, 141 GB Expiration-period: 0 days
                infra_audit: 5.00%, 24 GB Expiration-period: 0 days
                platform: 0.10%, 0 GB Expiration-period: 0 days
                external: 0.10%, 0 GB Expiration-period: 0 days

        Disk usage:
                detailed: Logs: 102 MB, Current Retention: 37 days
                summary: Logs: 16 MB, Current Retention: 37 days
                infra_audit: Logs: 0 MB, Current Retention: 0 days
                platform: Logs: 0 MB, Current Retention: 0 days
                external: Logs: 0 MB, Current Retention: 0 days

Space reserved for cores:       0MB


Additional Information


Panorama System and Configuration Logs
Log and Report Storage  
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000HC5xCAG&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language