New storage features: threat/system, audit logs and PCAPs (7.1.1 Firmware)

12/12/2023 6 People found this article helpful 152,045 Views

Description

The Device | Settings > Storage > Settings page displays information for your network security appliance about:

• Primary storage
• Secondary storage (if available for your network security appliance

The advantages of Storage are:

• Storage module is used to store systems logs created from SonicOS 7.1.0, threat logs, packet captures and logs created from the SonicOS 7.0.1 when upgraded to SonicOS 7.1.0 from SonicOS 7.0.1 builds.
• Storage allows log persistency when firewall is rebooted.
• The system logs, threat logs and packet capture is allocated 10% of the total storage space each and the log file is allocated with 1 Gigabyte storage space.

Storage Settings Tab

Storage provides a way to select between the Primary Storage and Secondary Storage modules for storing the
log files. The Primary Storage module is used by default if both modules are available on the security appliance. If
you change the storage option, SonicOS begins storing log files on the selected storage module immediately.

Storage also provides a way to purge all files from either storage module.

Storage is disabled if your security appliance does not have any available storage modules.

Unlike Primary Storage that is meant to be used by only one firewall, the Secondary Storage module is a shared
device that can be used on multiple firewalls if successfully activated on each firewall. In the Secondary Storage
module, a top-level directory is created with the firewall EPAID as the directory name. Applications create sub directories inside this top-level directory and store their data there.

The Settings tab gives a pie chart representation of each storage module. It gives a high level representation of
storage space used by each module and also the remaining available space.

Each storage module is assigned with 10% of the total storage space.

Storage File Tab
The File page under Device | Settings > Storage, provides a way to view diagnostics data, system logs, threat
logs, packet captures, logs and to configure backup.

NOTE: To be able to capture system logs, threat logs, packet captures, you need to enable External Storage in the Settings on this page.

Diagnostics Data
To view diagnostics data:

1. Navigate to Device | Settings > Storage > Files.
2. Click on Diagnostics Data tab. This page displays all the created files.

To download diagnostics data:

1. Navigate to Device | Settings > Storage > Files
2. Click on Diagnostics Data tab. This page displays all the created files.
3. Hower on the file that you need to download and click on the download icon.

Configuration Backup
To create backup:

1. Navigate to Device | Settings > Storage > Files
2. Click on Configuration Backup tab.
3. Click on Create Backup.
4. Enable/Disable the Retain Local Backup toggle button as per your requirement.
5. Add comment to the Comment text box.
6. Click OK.

NOTE: The backup created is stored in Primary storage only and can't be changed.

System Logs
To store System Logs to External Storage:

1. Navigate to Device | Settings > Storage > Files.
2. Click on System Logs tab.
3. Click on Settings tab.

4. Enable the Store Logs to External Storage toggle button.

5. Select Primary or Secondary from the drop-down for System Logs Storage Device Type and for Audit Logs Storage Device Type.
6. Click OK.

Threat Logs
To export the threat logs:

1. Navigate to Device | Settings > Storage > Files.
2. Click on Threat Logs tab.
3. Click on download icon beside the selected threat log.