Management CLI and XML API Changes

PAN-OS® 8.0 has the following CLI and XML API changes for firewall and Panorama™ management features:
Feature
Change
Log retention on Log Collectors
(PAN-OS 8.0.2 and later releases) The operational command to determine the effective log retention periods on Log Collectors is changed.
In certain cases, the effective retention period for each log type differs from its configured retention period (PanoramaCollector Groups<Collector_Group>GeneralLog Storage). This happens when the amount of used storage approaches the maximum quota for a log type, forcing the Log Collector to delete the oldest logs of that type even if those logs don’t exceed the configured retention period. The Log Collector deletes old logs to clear space for new logs.
  • PAN-OS 8.0.1 and earlier releases:
    > show system logdb-quota
  • PAN-OS 8.0.2 and later releases:
    • On Dedicated Log Collectors, the command is:
      > show log-collector-es-indices
    • On the Panorama management server (local Log Collectors), the command for each Collector Group is:
      > show log-collector-es-indices log-collector-grp-name <CG_name>
    You can determine the effective retention periods by checking the dates of the Oldest indices in the command output. Each index has the following format: pan_<year><month><day>_<log_type>, where <year><month><day> indicates the date of the index. In the following example, the oldest Configuration and System logs (cfgsys) are dated February 2, 2017 (20170202) and the oldest Traffic Summary logs (trsum) are dated February 14, 2017 (20170214):
    Oldest indices:
    pan_20170202_cfgsys_0007se00004
    pan_20170214_trsum_0007se00004
Log forwarding
With the introduction of selective log forwarding based on log attributes, you must now specify the name of a custom-filter match list in related CLI commands:
  • PAN-OS 7.1 and earlier releases:
    # show shared log-settings system * 
    # set shared log-settings system *  
    # show shared log-settings config * 
    # set shared log-settings config * 
    # show shared log-settings hipmatch * 
    # set shared log-settings hipmatch * 
    # show shared log-settings profiles <name> * 
    # set shared log-settings profiles <name> *
  • PAN-OS 8.0 release:
    # show shared log-settings system match-list * 
    # set shared log-settings system match-list * 
    # show shared log-settings config match-list * 
    # set shared log-settings config match-list * 
    # show shared log-settings hipmatch match-list * 
    # set shared log-settings hipmatch match-list * 
    # show shared log-settings profiles <name> match-list * 
    # set shared log-settings profiles <name> match-list *

Related Documentation