This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Ryan_Ryan
Advisor
‎2022-06-28 04:30 PM

Forensics logs filling up the log partition

Jump to solution

Hi we have cloudguard firewalls (R80.10) that are constantly filing their log partition to 100% due to the 'forensics' track option being enabled under the TP policy.

(files are in /var/log/opt/CPsuite-R80/fw1/log/forensics and all have *.cap extension)

Rather than just turn this off, is there a way to start rolling the files once disk space exceeds 90% or so? or even better can we have the cap files stored on the log server rather than the gateway?

 

 

 

 

1 Solution

Accepted Solutions
Timothy_Hall
Champion
Champion
‎2022-06-29 04:29 AM

Jump to solution

Known issue in your EOL version: sk165914: IPS Forensic logs (packet capture) are not being deleted

 

New 2021 IPS/AV/ABOT Immersion Self-Guided Video Series
now available at http://www.maxpowerfirewalls.com

View solution in original post

2 Replies
Timothy_Hall
Champion
Champion
‎2022-06-29 04:29 AM

Jump to solution

Known issue in your EOL version: sk165914: IPS Forensic logs (packet capture) are not being deleted

 

New 2021 IPS/AV/ABOT Immersion Self-Guided Video Series
now available at http://www.maxpowerfirewalls.com
Ryan_Ryan
Advisor
‎2022-06-29 02:49 PM
In response to Timothy_Hall

Jump to solution

Thanks Timothy good to know (unfortunately R80.10 is the latest version we can run on nsx-v)

0 Kudos