After you Perform Initial Configuration of the Panorama Virtual Appliance, it will have one disk partition for all data in which approximately 11GB is allocated for log storage. Increasing the disk size doesn’t increase the log storage capacity. If you need up to 8TB of log storage, you can add a virtual disk to Panorama installed on a VMware ESXi server or in VMware vCloud Air. If you need more than 8TB, you can mount Panorama to an NFS datastore but only on the ESXi server, not in vCloud Air. For additional log storage, you can also forward firewall logs to Dedicated Log Collectors (see Configure a Managed Collector) or Configure Log Forwarding from Panorama to External Destinations.
Panorama can use only one virtual disk for logging. Therefore, if you add a virtual disk that is dedicated for logging, Panorama stops using the default 11GB log storage on the original disk and copies any existing logs to the new disk. (Panorama continues using the original disk for data other than logs.) If you replace an existing dedicated logging disk of up to 2TB storage capacity with a disk of up to 8TB, you will lose the logs on the existing disk. To preserve the logs, your choices are:
Configure log forwarding to external destinations before you replace the virtual disk. Set up a new Panorama virtual appliance for the new 8TB disk and maintain access to the Panorama containing the old disk for as long as you need the logs. To forward firewall logs to the new Panorama virtual appliance, one option is to reconfigure the firewalls to connect with the new Panorama IP address (select Device > Setup > Management and edit the Panorama Settings), add the firewalls as managed devices to the new Panorama, and Configure Log Forwarding to Panorama. To reuse the old Panorama IP address on the new Panorama, another option is to export the configuration of the old Panorama and then import and load the configuration on the new Panorama. Copy logs from the old disk to the new disk. Copying can take several hours, depending on how many logs the disk currently stores, and Panorama cannot collect logs during the process. Contact Palo Alto Networks Customer Support for instructions.
Before expanding log storage capacity, Determine Panorama Log Storage Requirements.
Add a Virtual Disk to Panorama on an ESXi Server
To expand log storage capacity beyond the approximately 11GB internal storage allocated by default on the Panorama virtual appliance, you can add another virtual disk. Panorama running on ESXi 5.5 and later versions supports a virtual disk of up to 8TB. Panorama running on earlier ESXi versions supports a virtual disk of up to 2TB.
If Panorama loses connectivity to the new virtual disk, Panorama might lose logs during the failure interval. To allow for redundancy, use the virtual disk in a RAID configuration. RAID10 provides the best write performance for applications with high logging characteristics. If necessary, you can Replace the Virtual Disk on an ESXi Server.
Add a Virtual Disk to Panorama on an ESXi Server
Access the VMware vSphere Client and select Virtual Machines.
Right-click the Panorama virtual appliance and select Power > Power Off.
Right-click the Panorama virtual appliance and select Edit Settings.
Click Add in the Hardware tab to launch the Add Hardware wizard.
Select Hard Disk as the hardware type and click Next.
Create a new virtual disk and click Next.
Set the Disk Size to up to 8TB.
Select the Thick Provision Lazy Zeroed disk format and click Next.
Select Store with the virtual machine as the Location and click Next.
Select a SCSI Virtual Device Node (you can use the default selection) and click Next. The selected node must be in SCSI format; Panorama will fail to boot if you select another format.
Verify that the settings are correct and click Finish to exit the wizard. The new disk appears in the list of devices for the virtual appliance.
Right-click the Panorama virtual appliance and select Power > Power On. The virtual disk initializes for first-time use. The size of the new disk determines how long initialization takes. After initialization, Panorama moves all existing logs on the internal storage to the new disk and writes all new entries to it.
Log in to Panorama, select Panorama > Setup > Management and, in the Logging and Reporting Settings section, verify that the Log Storage capacity accurately displays the new disk capacity.
Add a Virtual Disk to Panorama in vCloud Air
To expand log storage capacity beyond the approximately 11GB internal storage allocated by default on the Panorama virtual appliance in vCloud Air, you can add another virtual disk of up to 8TB.
If Panorama loses connectivity to the new virtual disk, Panorama might lose logs during the failure interval. If necessary, you can Replace the Virtual Disk on vCloud Air.
Add a Virtual Disk to Panorama in vCloud Air
Access the vCloud Air web console and select your Virtual Private Cloud OnDemand region.
Select the Panorama virtual appliance in the Virtual Machines tab.
Select Actions > Edit Resources and Add another disk.
Set the Storage to up to 8TB and set the storage tier to Standard or SSD-Accelerated.
Save your changes.
Log in to Panorama, select Panorama > Setup > Management and, in the Logging and Reporting Settings section, verify that the Log Storage capacity accurately displays the new disk capacity.
Mount the Panorama ESXi Server to an NFS Datastore
When the Panorama virtual appliance runs on an ESXi server, mounting to a Network File System (NFS) datastore enables logging to a centralized location and expanding the log storage capacity beyond what a virtual disk supports. (ESXi 5.5 and later versions can support a virtual disk of up to 8TB. Earlier ESXi versions support a virtual disk of up to 2TB.) Before setting up an NFS datastore in a Panorama high availability (HA) configuration, see Logging Considerations in Panorama HA.
Mount the Panorama ESXi Server to an NFS Datastore
Select Panorama > Setup > Operations and, in the Miscellaneous section, click Storage Partition Setup.
Set the Storage Partition type to NFS V3.
Enter the IP address of the NFS Server.
Enter the Log Directory path for storing the log files. For example, export/panorama.
For the Protocol, select TCP or UDP, and enter the Port for accessing the NFS server. To use NFS over TCP, the NFS server must support it. Common NFS ports are UDP/TCP 111 for RPC and UDP/TCP 2049 for NFS.
For optimal NFS performance, in the Read Size and Write Size fields, specify the maximum size of the chunks of data that the client and server pass back and forth to each other. Defining a read/write size optimizes the data volume and speed in transferring data between Panorama and the NFS datastore.
( Optional ) Select Copy On Setup to copy the existing logs stored on Panorama to the NFS volume. If Panorama has a lot of logs, this option might initiate the transfer of a large volume of data.
Click Test Logging Partition to verify that Panorama can access the NFS Server and Log Directory.
Click OK and Commit, set the Commit Type to Panorama, and click Commit again. Until you reboot, the Panorama virtual appliance writes logs to the local storage disk.
Select Panorama > Setup > Operations and select Reboot Panorama in the Device Operations section. After rebooting, Panorama starts writing logs to the NFS datastore.

Related Documentation