Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Ryan_Ryan
Advisor
Jump to solution

Forensics logs filling up the log partition

Hi we have cloudguard firewalls (R80.10) that are constantly filing their log partition to 100% due to the 'forensics' track option being enabled under the TP policy.

(files are in /var/log/opt/CPsuite-R80/fw1/log/forensics and all have *.cap extension)

Rather than just turn this off, is there a way to start rolling the files once disk space exceeds 90% or so? or even better can we have the cap files stored on the log server rather than the gateway?

 

 

 

 

1 Solution

Accepted Solutions
Timothy_Hall
Legend Legend
Legend

Known issue in your EOL version: sk165914: IPS Forensic logs (packet capture) are not being deleted

 

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com

View solution in original post

2 Replies
Timothy_Hall
Legend Legend
Legend

Known issue in your EOL version: sk165914: IPS Forensic logs (packet capture) are not being deleted

 

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
Ryan_Ryan
Advisor

Thanks Timothy good to know (unfortunately R80.10 is the latest version we can run on nsx-v)

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.