High log DB usage-paloaltonetworks-panos

Vendor: paloaltonetworks

OS: panos

Description:
Indeni will alert if the log DB utilization of a device is above a high threshold.

Remediation Steps:
More information is available at https://live.paloaltonetworks.com/t5/Management-Articles/How-to-Determine-How-Much-Disk-Space-is-Allocated-to-Logs/ta-p/53828

How does this work?
This alert uses the Palo Alto Networks API to retrieve the current status of the log DBs (the equivalent of running “show system logdb-quota” in the CLI).

Why is this important?
The log DB stores a variety of different log types on a Palo Alto Networks device. Most log databases will auto-purge older logs. In many environments, though, such behavior is not desired. Administrators should know when they are approaching the maximum number of logs of a given type that can be retained, and assess the possible impact.

Without Indeni how would you find this?
An administrator could write a script to leverage the Palo Alto Networks API to collect this data periodically and alert appropriately. The web interface can also be used to check the current status of the log DB utilization.
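As an added example (not Indeni's parser or rule, and not code from Palo Alto Networks), the polling script the paragraph describes: it runs the same op command through the PAN-OS XML API, parses the Quotas and Disk usage sections into per-log-type utilization and reports the DBs at or above a threshold. The text layout in SAMPLE_RESULT is a constructed approximation of what the command prints and the 80% threshold is an assumption; host and API key are placeholders you supply.

```python
import re
import urllib.parse
import urllib.request
import xml.etree.ElementTree as ET

# Constructed sample, modelled on the text block "show system logdb-quota" prints
# (the exact layout varies by PAN-OS version, so this is an assumption).
SAMPLE_RESULT = """Quotas:
  system:   4.00%, 1.164 GB
  traffic:  29.00%, 8.442 GB
  threat:   15.00%, 4.366 GB
Disk usage:
  system:   Logs and Indexes: 35M  Current Retention: N/A
  traffic:  Logs and Indexes: 7.9G  Current Retention: 12 days
  threat:   Logs and Indexes: 512M  Current Retention: 40 days
"""

TO_GB = {"K": 1 / 1024 ** 2, "M": 1 / 1024, "G": 1.0, "T": 1024.0}

def parse_logdb_quota(text):
    """Return {log_type: (quota_gb, used_gb, utilization_pct)} from the command output."""
    quotas = {m.group(1): float(m.group(2))
              for m in re.finditer(r"^\s+(\S+):\s+[\d.]+%,\s+([\d.]+) GB", text, re.M)}
    used = {m.group(1): float(m.group(2)) * TO_GB[m.group(3)]
            for m in re.finditer(r"^\s+(\S+):\s+Logs and Indexes:\s+([\d.]+)([KMGT])", text, re.M)}
    stats = {}
    for name, quota_gb in quotas.items():
        used_gb = used.get(name, 0.0)          # a DB with no usage line has nothing stored yet
        pct = 100.0 * used_gb / quota_gb if quota_gb else 0.0
        stats[name] = (quota_gb, used_gb, pct)
    return stats

def over_threshold(stats, threshold_pct=80.0):
    """Names of the log DBs whose utilization is at or above the alert threshold, sorted."""
    return sorted(name for name, (_, _, pct) in stats.items() if pct >= threshold_pct)

def fetch_logdb_quota(host, api_key, timeout=15):
    """Run the op command through the PAN-OS XML API and return the <result> text.
    The key goes in the X-PAN-KEY header, not the URL, so it stays out of proxy/web logs."""
    cmd = "<show><system><logdb-quota></logdb-quota></system></show>"
    url = "https://%s/api/?%s" % (host, urllib.parse.urlencode({"type": "op", "cmd": cmd}))
    req = urllib.request.Request(url, headers={"X-PAN-KEY": api_key})
    with urllib.request.urlopen(req, timeout=timeout) as resp:   # TLS verification stays on
        root = ET.fromstring(resp.read())
    if root.get("status") != "success":
        raise RuntimeError("API error: %s" % ET.tostring(root, encoding="unicode"))
    return root.findtext("result") or ""
```

For a live device, feed `fetch_logdb_quota(host, api_key)` into `parse_logdb_quota` and run `over_threshold` on the result from a scheduler; on the constructed sample only `traffic` (7.9 GB of an 8.442 GB quota) trips the 80% threshold.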

panos-show_system_logdb-quota

https://bitbucket.org/indeni/indeni-knowledge/src/master/parsers/src/panw/panos/show-system-logdb-quota/show-system-logdb-quota.ind.yaml

palo_alto_networks_high_logdb_usage

https://bitbucket.org/indeni/indeni-knowledge/src/master/rules/templatebased/paloaltonetworks/palo_alto_networks_high_logdb_usage.scala