Allocate Storage Based on Log Type
Table of Contents
Expand all | Collapse all
-
- Cortex Data Lake for Panorama-Managed Firewalls
- Start Sending Logs to a New Cortex Data Lake Instance
- Configure Panorama in High Availability for Cortex Data Lake
- Allocate Storage Based on Log Type
- View Cortex Data Lake Status
- View Logs in Cortex Data Lake
- TCP Ports and FQDNs Required for Cortex Data Lake
- Sizing for Cortex Data Lake Storage
-
- Forward Logs from Cortex Data Lake to a Syslog Server
- Forward Logs from Cortex Data Lake to an HTTPS Server
- Forward Logs from Cortex Data Lake to an Email Server
- Log Record Formats
- Create Log Filters
- Server Certificate Validation
- List of Trusted Certificates for Syslog and HTTPS Forwarding
- Log Forwarding Errors
- Forward Logs With Log Replay
Allocate Storage Based on Log Type
For Cloud NGFW for AWS resources,
Cortex
Data Lake
dynamically allocates total storage based on usage.
That is why you may see your total amount of storage changing if you use Cloud NGFW
for AWS. To store logs in
Cortex
Data Lake
, you must set the log storage
quota (the amount of storage allocated for each log type). Some log sources automatically allocate storage
at activation. Other sources require you to set quota to a value greater than 0
before Cortex
Data Lake
will store their logs.After you activate a new app or service that sends data to
Cortex
Data Lake
, verify that the quota manager has storage allocated
for it. When the log storage quota is not configured, Cortex
Data Lake
saves logs in any unallocated space.After you allocate log storage quota, view your actual storage utilization under
STATUS
.
- Sign Into the hub.To view theCortex Data Lakeapp, you must have the correct user role. Learn more about app roles and how to assign them.
- Select theCortex Data Lakeinstance for which you want to allocate log storage quota.If you have multipleCortex Data Lakeinstances, click theCortex Data Laketile and select the instance from the drop-down of available instances associated with your account.
- In yourCortex Data Lakeinstance, selectCONFIGURATION.
- Adjust the storage allocated for each log type.FieldValueQUOTA (%)(Optional) The percentage of your total Cortex Data Lake capacity that you want to allocate for each log type.SettingQUOTAfor a log type to 0% means thatCortex Data Lakedoes not store the logs. If you resetQUOTAto 0%, all existing logs will be deleted.Leave this field blank to allocate all remaining storage to a log type. If you leave this field blank for multiple log types, they all share the remaining unallocated storage. When no more unallocated storage remains,Cortex Data Lakedeletes the oldest logs among the log types with this field empty.ALLOCATED SIZE(Read-only) The amount of log storage space allocated for each log type in KB, MB, GB, or TB.MAX RETENTION DAYS(Optional) The number of days that Cortex Data Lake retains logs. Set this value only if you have a company or regulatory retention policy that requires you to delete logs after a given time period. If you leave this field blank,Cortex Data Lakewill not delete logs until the available storage space runs out.When a log type reaches its max retention days,Cortex Data Lakedeletes the oldest logs of that type.SettingMAX RETENTION DAYSfor a log type to 0 means thatCortex Data Lakedoes not store the logs. If you setMAX RETENTION DAYSto 0, all existing logs will be deleted.ACTUAL RETENTION DAYS(Read-only) The number of days that logs have been stored inCortex Data Lake. Logs are rolled over when the max days is reached or the available storage space runs out. Use this information to learn about the current utilization ofCortex Data Lakeor which logs it has retained the longest and assess if you need to reallocate quota to meet your log retention policy.You can toggle whether to store or ingest log data from individual firewalls in theInventorytab.
- Applyyour changes.