Re: R81.10 Threat Emulation: Error:Disk Space usag...

Tony_Graham · ‎2022-12-01

I logged into Smart Console yesterday late and noticed my SG3200 is sporting a red X.

Investigating I discovered under Device and License Information the error:

"Error:Disk Space usage is above allowed value."

Now normally that error would be fairly self explanatory, except it isn't in this case.

1) I do not use local threat emulation. We are using Threat Cloud. Therefore no disk limits are set.

2) Disk space on the appliance is mostly empty sitting at 22Gb free.

Logging into the SG directly, GAIA is showing no issues.

RS_Daniel · ‎2022-12-01

Hello,

Can you provide output of following command? ls -l /var/log/files_repository/images

If it is not empty the emulation images are being downloaded to your local appliance, i've seen this in an appliance whith remote emulation configured (NOT locally).

Regards

Tony_Graham · ‎2022-12-01

[expert@host:0]# ls -l /var/log/files_repository/images

total 0

[expert@host:0]#

hostname was edited. It is not 'host'.

Chris_Atkinson · ‎2022-12-01

A 3200 appliance has ~320GB storage (total) of which part is allocated to /var/log it's needs 20% free in that volume.

What's the output of "cpstat threat-emulation" on the gateway?

Refer also: sk101149 / sk92907

CCSM R77/R80/ELITE

Tony_Graham · ‎2022-12-02

Same as posted. Status 2 Error Disk space usage is above allowed value.

the_rock · ‎2022-12-01

Have a look at this sk. I would still double check the disk space on the appliance.

Andy

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

Best,
Andy
"Have a great day and if its not, change it"

Blason_R · ‎2022-12-01

Best way I always follow - few quick trick

cd /var/log

du -hs * | grep -E 'M|G|T'

```

And it would show the usage; this would help to clear the files more conveniently.

Thanks and Regards,
Blason R
CCSA,CCSE,CCCS

Tony_Graham · ‎2022-12-02

There are some large files on /var/log but I have no idea what can be cleared.

Is there an SK outlining files that can be deleted. or cat /dev/nulled?

the_rock · ‎2022-12-02

Are you able to send a screenshot? Blur out any sensitive info.

Andy

Best,
Andy
"Have a great day and if its not, change it"

Tony_Graham · ‎2022-12-02

Screenshot of what?

the_rock · ‎2022-12-02

Large files you see in /var/log.

Best,
Andy
"Have a great day and if its not, change it"

the_rock · ‎2022-12-02

This is great command our mate @G_W_Albrecht provided in a different post:

find / -type f -size +100000 -exec ls -lh {} \; 2> /dev/null | awk '{ print $NF ": " $5 }' | sort -nk 2,2

So say to search for files bigger than 500 MB in /var/log, just run this:

find /var/log -type f -size +500000 -exec ls -lh {} \; 2> /dev/null | awk '{ print $NF ": " $5 }' | sort -nk 2,2

Andy

Best,
Andy
"Have a great day and if its not, change it"

Tony_Graham · ‎2022-12-02

There is like 6 pages of files so screenshots a bit difficult. However, there is a gigantic file:

/var/log/aspose/opt/CPsuite-R81.10/fw1/aspose_jail/proc/kcore.

It is 140737486266368 in size.

the_rock · ‎2022-12-02

Hm, I dont pretend to know answer to it, so I will let someone else confirm, but I found below, which does make sense.

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

Andy

Best,
Andy
"Have a great day and if its not, change it"

Tony_Graham · ‎2022-12-02

I have a 8 versions of these as well. They are 1-5G each

/var/log/CPda/repository/CheckPoint#CPUpdates#All#6.0#5#2#BUNDLE_R81_JUMBO_HF_MAIN#69/Check_Point
_R81_JUMBO_HF_MAIN_Bundle_T69_FULL.tgz

Tony_Graham · ‎2022-12-02

I suspect these can be removed but is there a process within SmartConsole for doing so?

I don't like munging around in the filesystem. Not sure why CP allows these types of conditions

to occur in the first place. I keep clean systems on the front end so I don't understand why it's

so trashy on the back side.

Tony_Graham · ‎2022-12-02

This is where the .tgz files are sitting.

the_rock · ‎2022-12-02

Ok, just something important (customer did this once without knowing and they could not install new jumbo hotfix).

Its OK to delete files from /var/log/CPda/repository

Its NOT good to delete ones from below dir:

/opt/CPda/backup

Best,
Andy
"Have a great day and if its not, change it"

G_W_Albrecht · ‎2022-12-02

Seem to be very old update files - all not R81.10 can be deleted CPinfo excluded 8))

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

Tony_Graham · ‎2022-12-02

So let's assume your message got lost in the train here and I mayyy have deleted a cpinfo...

How does one fix that or am I now completely hosed...

G_W_Albrecht · ‎2022-12-02

These are the installed Jumbo Fixes! To free this space, use a new GA Jumbo HF:

- uninstall all Jumbo takes (1 command)

- delete all uninstalled Jumbo Packages (if not visible in GAiA WebGUI, from CLI)

- install latest GA Jumbo

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

Tony_Graham · ‎2022-12-02

Not sure I am following you.

These are the only packages that are installed according to GUI.

Tony_Graham · ‎2022-12-02

Okay so kcores can be ignored.

G_W_Albrecht · ‎2022-12-02

sk33997 - How to find directories and files that are using a large amount of disk space
sk60080 - Disk space tips and tricks for SecurePlatform / Gaia / IPSO / Linux OS

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

Tony_Graham · ‎2022-12-02

I found in the GUI where they were hiding. I will purge them.

the_rock · ‎2022-12-02

Where was it?

Best,
Andy
"Have a great day and if its not, change it"

Tony_Graham · ‎2022-12-02

I am back to Green but the GUI is not reflecting all the versions sitting on the disk.

I had to use the drop down to select 'All' packages, instead of Installed. Then I could see that there were packages downloaded that were just sitting there.

the_rock · ‎2022-12-02

I thought you were talking about smart console, but you meant web UI, gotcha.

Best,
Andy
"Have a great day and if its not, change it"

Tony_Graham · ‎2022-12-02

Sorry I confused you. I've been bouncing around between CLI, WebUI and SmartConsole.

the_rock · ‎2022-12-02

All good man, no sweat : - )

Best,
Andy
"Have a great day and if its not, change it"

Are you a member of CheckMates?

R81.10 Threat Emulation: Error:Disk Space usage is above allowed value.