This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Rodrigo_Mezetti
Contributor
‎2025-02-15 02:53 PM
Jump to solution

active cluster member full partition

Gentlemen... people... I hope you are all well?!? I would like to share a situation that has been happening to someone where the active member of the r81.10 take 172 cluster,appliance series 7000 gradually fills the /var/log partition of the fw gw until it is almost full and when it is full, it starts deleting and freeing up the partition. I have only been following all hours this behavior and it soon returns to normal and goes months without happening. Have you ever experienced this? Any experience in this regard?

 

tks rodrigo

0 Kudos
3 Solutions

Accepted Solutions
emmap
MVP Gold CHKP MVP Gold CHKP
MVP Gold CHKP
‎2025-02-16 09:11 PM
Jump to solution

It sounds like it's logging locally, is it having trouble communicating with its configured log servers?

View solution in original post

AkosBakos
MVP Silver
MVP Silver
‎2025-02-17 01:16 AM
Jump to solution

Hi @Rodrigo_Mezetti 

What does this command say?

cpstat mg -f log_server  // on SmartCenter
cpstat fw -f log_connection // on gateway

BR

Akos

----------------
\m/_(>_<)_\m/

View solution in original post

the_rock
MVP Diamond
MVP Diamond
‎2025-02-17 04:17 AM
In response to Rodrigo_Mezetti
Jump to solution

Sounds like what @emmap mentioned was indeed the case. 

Andy

Best,
Andy
"Have a great day and if its not, change it"

View solution in original post

0 Kudos
6 Replies
the_rock
MVP Diamond
MVP Diamond
‎2025-02-15 04:04 PM
Jump to solution

Hey Rodrigo,

Maybe there is cron job you might not be aware of possibly? I had seen that dir fill up, but then most people just delete whatever is not needed.

Example, say you wish to look for files bigger than 500 MBs, you would run -> find /var/log -size +500M

Best,

Andy

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
the_rock
MVP Diamond
MVP Diamond
‎2025-02-16 06:09 PM
Jump to solution

One thing I thought of as well is check to make sure maybe there are no files from before that are "lingering" in that dir that could be deleted.

Andy

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
emmap
MVP Gold CHKP MVP Gold CHKP
MVP Gold CHKP
‎2025-02-16 09:11 PM
Jump to solution

It sounds like it's logging locally, is it having trouble communicating with its configured log servers?

AkosBakos
MVP Silver
MVP Silver
‎2025-02-17 01:16 AM
Jump to solution

Hi @Rodrigo_Mezetti 

What does this command say?

cpstat mg -f log_server  // on SmartCenter
cpstat fw -f log_connection // on gateway

BR

Akos

----------------
\m/_(>_<)_\m/
Rodrigo_Mezetti
Contributor
‎2025-02-17 03:49 AM
In response to AkosBakos
Jump to solution

Hello.. How are you?!? The output of the command in fw (cpstat fw -f log_connection)
is informing that one of the logservers is unavailable and is saving locally (the VM is actually turned off and being migrated to another environment) and I had not removed the logserver from the log sending configurations of the clusters. I removed it now and just left the logserver active until the migration is finished and I will follow up on the case.
For now, thank you very much.

0 Kudos
the_rock
MVP Diamond
MVP Diamond
‎2025-02-17 04:17 AM
In response to Rodrigo_Mezetti
Jump to solution

Sounds like what @emmap mentioned was indeed the case. 

Andy

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events