cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post
Wang
Nickel

Does anyone know about /var/log/messages?

Hello, engineers, does anyone know the size of /var/log/messages, /var/log/messages.1, /var/log/messages.2, /var/log/messages.3, /var/log/messages.4, and what is the proportion between them

4 Replies
Jerry
Gold

Re: Does anyone know about /var/log/messages?

these are the generic logging files on each and every linux box in a world (I guess?)

size of it does not matter as they "chunk" themselves and never obstruct the devices itself - they normally "tail" themselves in a progress of time so ... why bother?

please be more specific what is the reason of your question mate

ps. proportions depends - very often of what is the particion size etc.- but usually those files does not (each) more than 2MB. I do have on my R80.20 just .10 and each of the files is not bigger than 1.1-1.6MB. on SMS's however those files are really smal as long as the logging (of the entire estate) is happeneing on CLM"s or other logging structures so file on my SMS are in particular like 79-80K only hence I don't care much about them.

Jerry
Highlighted

Re: Does anyone know about /var/log/messages?

Hello,
sk36798 explains this well.

Cheers
Vincent

and now to something completely different

Re: Does anyone know about /var/log/messages?

Default settings of log rotation need tuning to avoid log records to be overwritten very quickly. Maybe R80.20 3.10 kernel Gaia is the version with increased limits, I am testing it in a lab and defaults seem to be more generous they used to be up to R80.10.

Until R80.10 the /var/log messages gets rotated as soon as the size of the file reaches 64kB and only 4 rotated files are kept.

You may want to increase size limits and number of the rotated files (in the example below the messages file would be about 1MB and 9 rotated files would be kept):

log_start limit 0 1048576 9

Syntax:

log_start limit <log-index> <max-size> <backlog-copies>

 

To see all the files managed by CP rotation and their settings:

log_start list

 

 

0 Kudos

Re: Does anyone know about /var/log/messages?

If you're having problems with Gaia syslog logs rolling off before they can be viewed, either forward them to a third-party syslog collector like Splunk, or if unavailable forward them to the SMS itself for storage and searching/viewing with the usual Check Point log tools as described here:

sk102995: How to export syslog messages from Gaia Security Gateway to a Log Server and view them in ...

"IPS Immersion Training" Self-paced Video Class
Now Available at http://www.maxpowerfirewalls.com