TZ670 Memory and Logs
I have the TZ670 that I am moving to from a 2650. I noticed that the Log Dump to emails the 670 is more frequent than the 2650. I get the TZ670 every few days and I do not recall when I got one from the 2650 other than a restart.
Where are the logs saved on the 670 and can one change that? The 670 has 32GB memory installed. When I go to device/storage (or system/storage in classic view), I see my primary is 8GB free of 8GB and secondary is 27GB free of 32 and 0 logs. On the 2650 I have 4GB Ram and 16GB Built in Storage (using 174 MB).
If I have both the 670 and 2650 log settings configured the same, should I get a similar rate of when the log is dumped to email?
Are there settings on the usage of the memory? Where are the logs saved? What is primary memory used for? What is secondary memory used for?
I did notice that on App Flow Reports, for the various items (users, IP, Virus, Intrusion, Spyware, etc...) the TZ670 has a Limit of 10 and 2650 is set to a limit of 50.
Answers
Looking at these articles, on my 2650, it is using the "Built In Storage" which is 16GB.
On the 670 it is using the primary storage (8GB) by default and I need to change to secondary (32GB) which is on Page 80 of the SonicOS 7.0 Device Settings guide. Any reason to not change this to secondary?
On the 670, when using primary storage, is the device only allowed to use a small amount of the 8GB and that is why it is dumping to emails?
When I look at the settings. storage, Primary it shows
Diagnostic 5MB
Configuration Data 1MB
Available 8GB
Secondary shows
Logs Data 0
Available 27GB
https://www.sonicwall.com/support/knowledge-base/how-to-configure-flexible-storage-on-sonicwall/200520095513933/
https://www.sonicwall.com/techdocs/pdf/sonicos-7-0-0-0-device_settings.pdf
The 670 comes with a 32GB secondary module in place for long term storage. You can go ahead and enable it in the UI screen below. This way the secondary module will keep the logs for long term storage. The primary storage is ephemeral and has FIFO and will dump on reboot etc...
thanks. I made the change. How much of the primary memory does the log data use? Looking at Settings/Storage/Primary it was not clear.
Now that I enabled secondary, should I need to purge the primary and if so, how?
Also, where are local backups stored?
I made the change to store the logs on the secondary memory a few days ago. This morning I got an email log dump. It was only 1 email. on the 2650 a log dump would be around 5.
The log items are still showing on the device.
I am not sure why I got the log dump.
System up time is 5+ days so it is not that it rebooted.
Log Automation Settings is to send log when full.
Any ideas?
Today I received two log dump emails. The first at 6:08am had one entry. The second at 1:24pm had three entries.
Logging in, the log is there so it is not dumping and erasing memory.
Any ideas why I am getting these log dumps?
I just checked the log and looks like there are entries only to yesterday. I turned on secondary memory earlier in the week. I just did a restart in case that needed to be done. After the restart, the log was cleared.
I got another log dump at 8pm 6/16 (last night). only one entry in the email. i looked at the log on the 670 and entries go back to 8pm 6/15 (clicked on look last 7 days). The log shows there are 1994 entries?
Any idea what it is dumping and not saving more entries?
Also why do the dump emails not have all entries at the time of dump?
yesterday I got 3 email log dumps. All part 1. At 1:32AM, 9:51AM, and 6:05pm.
Any ideas why this is dumping?
Anyone have any ideas on this? Sonicwall Support has not been helpful.