https://community.checkpoint.com/t5/Endpoint/Critical-data-loss-risk-daily-log-ingestion-might-be-capped/m-p/264221#M11097 <P>I have one more question, so can we manual delete the logs on the cloud tenant harmony? because for now I still see the warning on tenant, but we have disable log record on some policy firewall.</P> Wed, 03 Dec 2025 02:06:01 GMT MarcuzShinz 2025-12-03T02:06:01Z https://community.checkpoint.com/t5/Endpoint/Critical-data-loss-risk-daily-log-ingestion-might-be-capped/m-p/264135#M11072 <P>Hi Checkmates,</P><P>I’m currently facing an issue with our Harmony Endpoint Cloud tenant displaying the following message: <EM>“Critical: data loss risk – daily log ingestion might be capped! For more information please see SK182394.”</EM> I checked the SK and it seems that our daily logs are exceeding the allowed threshold, and we need to optimize this by disabling firewall accept logs.</P><P>Does anyone know how long log retention is supported for a Harmony Cloud tenant, and what the maximum storage capacity is?</P> Tue, 02 Dec 2025 13:56:04 GMT https://community.checkpoint.com/t5/Endpoint/Critical-data-loss-risk-daily-log-ingestion-might-be-capped/m-p/264135#M11072 MarcuzShinz 2025-12-02T13:56:04Z https://community.checkpoint.com/t5/Endpoint/Critical-data-loss-risk-daily-log-ingestion-might-be-capped/m-p/264138#M11073 <H2>Data Storage and Retention</H2> <UL> <LI> <P><SPAN class="mc-variable Vars_Endpoint_SandBlast.tp_threat_hunting variable">Threat Hunting</SPAN><SPAN>&nbsp;</SPAN>and<SPAN>&nbsp;</SPAN><SPAN class="mc-variable Vars_Endpoint_SandBlast.tp_endcap variable">Endpoint</SPAN><SPAN>&nbsp;</SPAN>Data Retention is 90 days by default.</P> </LI> <LI> <P>Ingestion limit is 110MB, per seat, per day.</P> </LI> <LI> <P>Additional Data Retention is available for 1 year, by using the<SPAN>&nbsp;</SPAN><SPAN class="mc-variable Vars_Endpoint_SandBlast.tp_threat_hunting variable">Threat Hunting</SPAN><SPAN>&nbsp;</SPAN>Data Retention SKU/<SPAN>&nbsp;</SPAN><SPAN class="mc-variable Vars_Other.tp_horizon_events variable">Infinity Events</SPAN><SPAN>&nbsp;</SPAN>SKUs.</P> </LI> <LI><SPAN>For more information, see&nbsp;</SPAN><A href="https://support.checkpoint.com/results/sk/sk182394" target="_blank" rel="noopener">sk182394</A><SPAN>.</SPAN></LI> </UL> <P>Source:&nbsp;<A href="https://sc1.checkpoint.com/documents/Infinity_Portal/WebAdminGuides/EN/Harmony-Endpoint-Admin-Guide/Topics-HEP/Logs-menu.htm" target="_blank" rel="noopener">https://sc1.checkpoint.com/documents/Infinity_Portal/WebAdminGuides/EN/Harmony-Endpoint-Admin-Guide/Topics-HEP/Logs-menu.htm</A>&nbsp;</P> Tue, 02 Dec 2025 14:11:06 GMT https://community.checkpoint.com/t5/Endpoint/Critical-data-loss-risk-daily-log-ingestion-might-be-capped/m-p/264138#M11073 Chris_Atkinson 2025-12-02T14:11:06Z https://community.checkpoint.com/t5/Endpoint/Critical-data-loss-risk-daily-log-ingestion-might-be-capped/m-p/264140#M11074 <P>This link contains the information.</P> <P><A href="https://support.checkpoint.com/results/sk/sk182394" target="_blank">sk182394 - Cloud Log Analytics &amp; Logging - Ingestion / Retention Solution</A></P> Tue, 02 Dec 2025 14:08:21 GMT https://community.checkpoint.com/t5/Endpoint/Critical-data-loss-risk-daily-log-ingestion-might-be-capped/m-p/264140#M11074 lluner 2025-12-02T14:08:21Z https://community.checkpoint.com/t5/Endpoint/Critical-data-loss-risk-daily-log-ingestion-might-be-capped/m-p/264152#M11077 <P>Worth checking that the desktop firewall policy isn't set to log 'everything' a common trap.</P> Wed, 03 Dec 2025 01:10:29 GMT https://community.checkpoint.com/t5/Endpoint/Critical-data-loss-risk-daily-log-ingestion-might-be-capped/m-p/264152#M11077 Chris_Atkinson 2025-12-03T01:10:29Z https://community.checkpoint.com/t5/Endpoint/Critical-data-loss-risk-daily-log-ingestion-might-be-capped/m-p/264221#M11097 <P>I have one more question, so can we manual delete the logs on the cloud tenant harmony? because for now I still see the warning on tenant, but we have disable log record on some policy firewall.</P> Wed, 03 Dec 2025 02:06:01 GMT https://community.checkpoint.com/t5/Endpoint/Critical-data-loss-risk-daily-log-ingestion-might-be-capped/m-p/264221#M11097 MarcuzShinz 2025-12-03T02:06:01Z https://community.checkpoint.com/t5/Endpoint/Critical-data-loss-risk-daily-log-ingestion-might-be-capped/m-p/264222#M11098 <P>Retention and Ingestion are separate issues, you may need to monitor for a period to see if the trend is reducing to the required level.</P> Wed, 03 Dec 2025 02:43:23 GMT https://community.checkpoint.com/t5/Endpoint/Critical-data-loss-risk-daily-log-ingestion-might-be-capped/m-p/264222#M11098 Chris_Atkinson 2025-12-03T02:43:23Z