The earliest recollection of this bug is traced back to PAN-OS 10.2.4 - November 18, 2024.
This bug is fixed in PAN-OS versions 10.2.4, 11.0.3.
Fixed an issue where, when Captive Portal Authentication was configured, l3svc_ngx_error.log and l3svc_access.log did not roll over after exceeding 10 megabytes, which caused the root partition to reach full utilization.
Fixed an issue where, when Authentication Portal Authentication was configured, l3svc_ngx_error.log and l3svc_access.log did not roll over after exceeding 10 megabytes, which caused the root partition to reach full utilization.
For more information:
https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-release-notes/pan-os-10-2-4-known-and-addressed-issues/pan-os-10-2-4-addressed-issues
https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-release-notes/pan-os-11-0-3-known-and-addressed-issues/pan-os-11-0-3-addressed-issues
