Allocate Storage Based on Log Type
Table of Contents
Expand all | Collapse all
-
- Cortex Data Lake for Panorama-Managed Firewalls
- Start Sending Logs to a New Cortex Data Lake Instance
- Configure Panorama in High Availability for Cortex Data Lake
- Allocate Storage Based on Log Type
- View Cortex Data Lake Status
- View Logs in Cortex Data Lake
- TCP Ports and FQDNs Required for Cortex Data Lake
- Sizing for Cortex Data Lake Storage
-
- Forward Logs from Cortex Data Lake to a Syslog Server
- Forward Logs from Cortex Data Lake to an HTTPS Server
- Forward Logs from Cortex Data Lake to an Email Server
- Log Record Formats
- Create Log Filters
- Server Certificate Validation
- List of Trusted Certificates for Syslog and HTTPS Forwarding
- Log Forwarding Errors
Allocate Storage Based on Log Type
For Cloud NGFW for AWS resources,
Cortex
Data Lake
dynamically allocates total storage based on usage.
That is why you may see your total amount of storage changing if you use Cloud NGFW
for AWS. To store logs in
Cortex
Data Lake
,
you must set the log storage quota (the amount of storage allocated
for each log type). Some log sources automatically
allocate storage at activation. Other sources require you to set
quota to a value greater than 0 before Cortex
Data Lake
will
store their logs. After you activate a new app or service that sends
data to Cortex
Data Lake
, verify that the quota manager
has storage allocated for it. When the log storage quota is not
configured, Cortex
Data Lake
saves logs in the
unallocated space that the quota manager automatically assigns.After
you allocate log storage quota, view your actual storage utilization
under
STATUS
. - Sign Into the hub.To view the Cortex Data Lake app, you must have the correct user role. Learn more about app roles and how to assign them.
- Select the Cortex Data Lake instance for which you want to allocate log storage quota.If you have multiple Cortex Data Lake instances, click the Cortex Data Lake tile and select the instance from the drop-down of available instances associated with your account.
- SelectCONFIGURATIONand adjust the storage allocated for each log type.FieldValueQUOTA (%)(Optional) The percentage of your total Cortex Data Lake capacity that you want to allocate for each log type.SettingQUOTAfor a log type to 0% means that Cortex Data Lake does not store the logs. If you resetQUOTAto 0%, all existing logs will be deleted.Leave this field blank to allocate all remaining storage to a log type. If you leave this field blank for multiple log types, they all share the remaining unallocated storage. When no more unallocated storage remains, Cortex Data Lake deletes the oldest logs among the log types with this field empty.ALLOCATED SIZE(Read-only) The amount of log storage space allocated for each log type in KB, MB, GB, or TB.MAX RETENTION DAYS(Optional) The number of days that Cortex Data Lake retains logs. Set this value only if you have a company or regulatory retention policy that requires you to delete logs after a given time period. If you leave this field blank, Cortex Data Lake will not delete logs until the available storage space runs out.SettingMAX RETENTION DAYSfor a log type to 0 means that Cortex Data Lake does not store the logs. If you setMAX RETENTION DAYSto 0, all existing logs will be deleted.ACTUAL RETENTION DAYS(Read-only) The number of days that logs have been stored in Cortex Data Lake. Logs are rolled over when the max days is reached or the available storage space runs out. Use this information to learn about the current utilization of Cortex Data Lake or which logs it has retained the longest and assess if you need to reallocate quota to meet your log retention policy.You can toggle whether to store or ingest log data from individual firewalls in theInventorytab.
- Applyyour changes.