Ryan_Ryan
Advisor

Forensics logs filling up the log partition


Hi, we have CloudGuard firewalls (R80.10) that are constantly filling their log partition to 100% due to the 'forensics' track option being enabled under the TP policy.

(files are in /var/log/opt/CPsuite-R80/fw1/log/forensics and all have *.cap extension)

Rather than just turn this off, is there a way to start rolling the files once disk space exceeds 90% or so? Or, even better, can we have the cap files stored on the log server rather than the gateway?

1 Solution

Accepted Solutions
Timothy_Hall
Champion

Known issue in your EOL version: sk165914: IPS Forensic logs (packet capture) are not being deleted


New 2021 IPS/AV/ABOT Immersion Self-Guided Video Series
now available at http://www.maxpowerfirewalls.com

Ryan_Ryan
Advisor

Thanks Timothy, good to know (unfortunately R80.10 is the latest version we can run on NSX-V)

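One stopgap for the "roll the files once disk space exceeds 90%" request in the question, as an added example that is not from this thread, not Check Point code, and not the fix described in sk165914. The function names, the `USAGE_CMD` override and the `--run` switch are hypothetical, GNU `find` is assumed, and the directory and threshold are the ones the question gives.

```shell
#!/bin/sh
# Added example: delete the oldest forensics captures while the log
# partition is above a usage threshold. Each removal is sent to syslog
# because the .cap files are packet evidence for IPS events.

# Directory from the question; threshold from its "90% or so".
CAP_DIR=${CAP_DIR:-/var/log/opt/CPsuite-R80/fw1/log/forensics}
THRESHOLD=${THRESHOLD:-90}

# Percent used on the filesystem that holds $1 (column 5 of POSIX df).
usage_pct() {
    df -P "$1" | awk 'NR == 2 { sub(/%/, "", $5); print $5 }'
}

# Path of the oldest regular *.cap file directly inside $1, by mtime.
oldest_cap() {
    find "$1" -maxdepth 1 -type f -name '*.cap' -printf '%T@ %p\n' |
        sort -n | head -n 1 | cut -d' ' -f2-
}

# prune_caps DIR LIMIT: remove oldest captures until usage <= LIMIT.
# USAGE_CMD may name a replacement for usage_pct (for dry testing).
# Sets PRUNED to the number of files removed.
# Returns 2 when usage is still high but no *.cap file is left.
prune_caps() {
    dir=$1; limit=$2; PRUNED=0
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 1; }
    while [ "$("${USAGE_CMD:-usage_pct}" "$dir")" -gt "$limit" ]; do
        victim=$(oldest_cap "$dir")
        # Nothing left to delete: the space is used by something else.
        [ -n "$victim" ] || return 2
        rm -f -- "$victim" || return 1
        PRUNED=$((PRUNED + 1))
        logger -t cap-prune "removed $victim" 2>/dev/null || true
    done
    return 0
}

# Act only when asked, e.g. from cron: prune_forensics.sh --run
if [ "${1:-}" = "--run" ]; then
    prune_caps "$CAP_DIR" "$THRESHOLD"
fi
```

A return code of 2 means the partition is still over the threshold with no captures left, so something other than the forensics directory is consuming the space.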