- CheckMates
- :
- Products
- :
- CloudMates Products
- :
- Cloud Network Security
- :
- Discussion
- :
- Forensics logs filling up the log partition
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Are you a member of CheckMates?
×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Jump to solution
Forensics logs filling up the log partition
Hi we have cloudguard firewalls (R80.10) that are constantly filing their log partition to 100% due to the 'forensics' track option being enabled under the TP policy.
(files are in /var/log/opt/CPsuite-R80/fw1/log/forensics and all have *.cap extension)
Rather than just turn this off, is there a way to start rolling the files once disk space exceeds 90% or so? or even better can we have the cap files stored on the log server rather than the gateway?
1 Solution
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Known issue in your EOL version: sk165914: IPS Forensic logs (packet capture) are not being deleted
Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
now available at maxpowerfirewalls.com
2 Replies
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Known issue in your EOL version: sk165914: IPS Forensic logs (packet capture) are not being deleted
Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
now available at maxpowerfirewalls.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks Timothy good to know (unfortunately R80.10 is the latest version we can run on nsx-v)