Dimension log time frame
Our Dimension server is only keeping the current days logs. I am unable to see any logs prior to the current date starting at midnight. Where can I change this to keep logs for a longer time frame? We are logging data from 7 different WatchGuards ranging from T30 to M500.
0
Sign In to comment.
Comments
Logging is limited by the size of your Dimension VM disk.
Are you trying to change the "Start" date at the top right of Dimension ?
If not, click on the date and a calendar screen will show up, and days which have Dimension data will appear in a darker gray.
You can then select desired Start & End dates/times
It is only showing the current day. Used the OVA to create the server and it has a 40 GB drive for the secondary drive. Sure seems like 40 GB would give more than just one day of logs.
I'm not aware of any other way that Dimension logs can be limited to a specific date or 1 day, or purged other than reaching the max DB size.
You can see your current DB size: - select the Gear icon -> Database.
Disk Usage will show the size in use
29.62GB of 31GB used by database (7GB free on disk)
I should be able to see more than just the one day. Guess I can stand up a new Dimension server to see if it will show more than the one day.
Hello Doug,
By default, Dimension will utilize 95% of the data disk at which point it'll start to purge the oldest log/reporting data. During deployment, 20% of the data disk is reserved for temp reporting tables and database maintenance. With the default data disk size of 40GB, ~31GB will be used to store logs and summary data.
Based on your numbers, the database is at the mentioned 95% capacity. At the current log rate from devices logging to Dimension, your max retention period is just one day.
Check individual device log rates on the Database Status Report on Dimension (Database / Diagnostics / Status Report) and make sure you haven't left Debug logging enabled on individual policies or firewall components. Log rate stats are based on the last 24hrs. If you do not see any Debug logs reported on the Status Report for any of the active devices then your daily disk space required to keep a days worth of logs is 30GB. ~0.75GB of disk space is needed to store ~1 million log events.
p.s your data retention can also be based on the number of days as long as your data disk is big enough. This can be configured from Server Management | Configuration | Database Size / Automatically delete data older than.