Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Bruno_De_Feyter
Explorer

Endpoint E81.10.7251 NVAG log filling drive

Jump to solution

Having issues on one of our servers where the endpoint NVAG.log file is filling up the root drive. It's over 22GB now. 

 

Currently I'm unable to delete this file, or rename it to force a new log file creation. Any idea on how to do this, or why the file is getting that large. 

 

Any help is appreciated. 

0 Kudos
1 Solution

Accepted Solutions
Roman_Zitzev
Employee
Employee

Hi,

 

it's a log file for R&D team to debug any issue related to a component inside EFRservice.exe process(Forensics blade)

The issue was fixed on 81.40

CP recommends E82.30 (19-Jan-2020)

we can do exclusions that should solve this issue via zoom or you can upgrade to newer version.

feel free to contact me directly 

romanzit@checkpoint.com 

ty

roman

 

 

 

View solution in original post

0 Kudos
13 Replies
Roman_Zitzev
Employee
Employee

Hi,

This issue was fixed in 

E81.40

you can delete this file by remove self protection with the following steps:

1. navigate to %temp%

2. find the newest guid format folder

3. run passdialog,exe

this will remove self protection

after it you can rename the file and delete it

Let me know if you need any help.

you can contact me directly romanzit@checkpoint.com

 

Ty,

Roman

 

0 Kudos
Bruno_De_Feyter
Explorer

Hi Roman,

Thx for the reply ...

The problem got resolved itself it seems.

Yesterday 3/8 at 5.44 PM the file got zipped and a new file was started.

Just having questions about this log file.

1) What is it doing/containing? Or what actions is filling the file?

2) What is the use of it?

3) How does it work? Meaning when a new log is started? What triggers a new file to be opened and the old one to be zipped?

Regards,

Bruno

0 Kudos
Roman_Zitzev
Employee
Employee

Hi

 

1) What is it doing/containing? Or what actions is filling the file? -->

keep track on the functionality of specific component inside EFRservice.exe process

 

2) What is the use of it? -->

it's a log file for R&D team to debug any issue related to a component inside EFRservice.exe process

 

3) How does it work? Meaning when a new log is started? What triggers a new file to be opened and the old one to be zipped?-->

it zipped after reboot in case its size is higher then a specific limit.

after 3 zips its purged.

 

as i mentioned in 81.40 we remove some information which appear repeatedly on servers environments.

it will be great to get cpinfo in any case.

0 Kudos
Bruno_De_Feyter
Explorer

Thx for some clarifications.

I can provide cpinfo but can't attach it as it's too big.

Can I upload it somewhere?

0 Kudos
Roman_Zitzev
Employee
Employee

SFTP account Credentials:

 

Account Name: 4ngav

Account Password: O4x6FkrF

 

For Web Access, Please go to https://ftp.checkpoint.com

 

Please use an SFTP (WinSCP / FileZilla etc..) client on port 22 to ftp.checkpoint.com

 

You will be able to upload files into the 'Incoming' folder,

 

And files sent to you will be in the 'Outgoing' Folder.

0 Kudos
Bruno_De_Feyter
Explorer

has been uploaded

 

Regards,

0 Kudos
Bruno_De_Feyter
Explorer

Hi,

Today User is facing the same issue ...

2 weeks ago the file got zipped by itself and has created a new log file.

Today the file is growing again? What is causing the issue?

0 Kudos
G_W_Albrecht
Champion
Champion

I think you are using an older version (from 30-Jun-2019) - This issue was fixed in E81.40 (24-Sept-2019), CP recommends E82.30 (19-Jan-2020) and the latest version is E83.11 (14-Jul-2020)...

0 Kudos
Roman_Zitzev
Employee
Employee

Hi,

 

it's a log file for R&D team to debug any issue related to a component inside EFRservice.exe process(Forensics blade)

The issue was fixed on 81.40

CP recommends E82.30 (19-Jan-2020)

we can do exclusions that should solve this issue via zoom or you can upgrade to newer version.

feel free to contact me directly 

romanzit@checkpoint.com 

ty

roman

 

 

 

View solution in original post

0 Kudos
Bruno_De_Feyter
Explorer

Hi Roman,

We installed E83.11 today on the one client and the log is filling still but at a much lower rate then before.

So the problem seems to be solved. However, this was only 1 client out of 1000, how can this be explained? It's a developer running quite some applications but he is not the only developer.

0 Kudos
Roman_Zitzev
Employee
Employee

Hi,

 

the fact that the log increase is expected, it should be small, Max 10 MB.

didn't understand what happen only on one machine(1 client out of 1000)? is it the old huge log or the new that increase some of it size?

0 Kudos
Roman_Zitzev
Employee
Employee

Hi,

 

Do you need any additional help?

btw did you saw my question above?

0 Kudos
Bruno_De_Feyter
Explorer

Hi,

 

Did see your question ...

It was the old LOG that was increasing huge.

With the new version E83.11 the LOG file increases significant with a much lower rate

0 Kudos