
How to decrease a usage of /dev/mapper/vg_splat_lv-log

Hello Checkmates,

There is a problem, and I still cannot understand what the folder /dev/mapper/vg_splat_lv-log, which is mounted at /var/log/, is responsible for.

There is a screenshot where you can see that the /var/log/ folder is quickly filling.

During the last 7 days the usage has increased from 53% to 63%.

I guess that is very rapid and anomalous behaviour.

Please advise how to solve this problem with the quick filling.

Can I do something and solve this problem?

Thank you very much!

16 Replies

Re: How to decrease a usage of /dev/mapper/vg_splat_lv-log

Enlarge the partition. See more here:

Managing partition sizes via LVM manager on Gaia OS 


Re: How to decrease a usage of /dev/mapper/vg_splat_lv-log

Thank you for a quick answer, but does that mean that all the files in that folder are necessary and we cannot remove some of them?


Re: How to decrease a usage of /dev/mapper/vg_splat_lv-log

Delete old log files from the management server.

$FWDIR/log is a symlink to this directory in /var/log/.

for R80.10: /var/log/opt/CPsuite-R80.10/fw1/log/

for R80.20: /var/log/opt/CPsuite-R80.20/fw1/log/

Here you can delete old logs from SmartLog after the date.


Re: How to decrease a usage of /dev/mapper/vg_splat_lv-log

For example, for 2019-01-20:

# cd /var/log/opt/CPsuite-R80.10/fw1/log

# rm 2019-01-20*

You can also use "cd $FWDIR/log/"


Re: How to decrease a usage of /dev/mapper/vg_splat_lv-log

Or all logs for January 2019:

# cd /var/log/opt/CPsuite-R80.10/fw1/log/

# rm 2019-01*


Re: How to decrease a usage of /dev/mapper/vg_splat_lv-log

Yes, I've understood your very useful information, once again thank you!


Re: How to decrease a usage of /dev/mapper/vg_splat_lv-log

or

find $FWDIR/log -type f -name '201*' -mtime +30 -exec rm {} \;

for such files older than 30 days 🙂

and now to something completely different

Re: How to decrease a usage of /dev/mapper/vg_splat_lv-log

https://community.checkpoint.com/people/8221a355-5448-47cb-9c8a-d5f330a5909c - Nice one liner!

Comes into my CLI one liner collection!


Re: How to decrease a usage of /dev/mapper/vg_splat_lv-log

This directory holds all logs: logs from your gateways and all logs of your management server. Regarding the amount of your logged traffic, this is normal behaviour. Extending the partition, as Heiko mentioned, is the best solution.

Wolfgang


Re: How to decrease a usage of /dev/mapper/vg_splat_lv-log

If the log is not filled up by normal logs, maybe a debug is running and someone forgot to turn it off?
So maybe some *.elg files are permanently growing?
Then
fw ctl debug 0
could help
Or, if the files are vpnd.elg and ike.elg,
vpn debug truncoff
could help

If it's just old log data, you may delete the oldest if not needed.


Re: How to decrease a usage of /dev/mapper/vg_splat_lv-log

Do you mean to use RemoveOldVersion.tar script by Check Point?


Re: How to decrease a usage of /dev/mapper/vg_splat_lv-log

No, old log files. The SMS usually rotates logs, renaming the old files with a timestamp at the beginning.


Re: How to decrease a usage of /dev/mapper/vg_splat_lv-log

Just have a look at Heiko's descriptions above 🙂


Re: How to decrease a usage of /dev/mapper/vg_splat_lv-log

Thank you gentlemen!

I am going to try this approach.


Re: How to decrease a usage of /dev/mapper/vg_splat_lv-log

Just make sure you do not delete logs you have to keep 🙂

I would rather suggest archiving those, sending them to an external location via ftp or sftp, and then removing them.
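
The archive-then-remove approach from the last reply, combined with the age filter of the find one-liner earlier in the thread, as an added example that is not part of any post here. It assumes GNU find, tar and sha256sum; the function name, its arguments, the archive naming and the default file-name pattern are hypothetical, and the transfer to external storage is left to whatever tool you already use.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): archive date-prefixed log files older
# than N days, verify the archive, and only then delete the originals.
# Assumptions: GNU find, tar and sha256sum; function name, arguments, archive
# naming and the default name pattern are hypothetical.

archive_old_logs() {
    local logdir="$1" days="$2" dest="$3" pattern="${4:-20[0-9][0-9]-*}"
    local name list
    name="fwlogs-$(date +%Y%m%d-%H%M%S).tar.gz"
    list=$(mktemp) || return 1

    # NUL-separated candidate list, relative to the log directory.
    if ! ( cd "$logdir" && find . -maxdepth 1 -type f -name "$pattern" \
             -mtime +"$days" -print0 ) > "$list"; then
        rm -f "$list"; return 1
    fi
    if [ ! -s "$list" ]; then
        echo "nothing older than $days days in $logdir"
        rm -f "$list"; return 0
    fi

    # Create the archive, then compare its members against the files on disk.
    if tar -C "$logdir" --null -T "$list" -czf "$dest/$name" &&
       tar -C "$logdir" -dzf "$dest/$name" > /dev/null; then
        # Checksum travels with the archive so the remote copy can be checked.
        ( cd "$dest" && sha256sum "$name" > "$name.sha256" )
        ( cd "$logdir" && xargs -0 rm -f -- < "$list" )
        echo "archived and removed: $dest/$name"
    else
        echo "archive step failed, nothing deleted" >&2
        rm -f "$dest/$name" "$list"; return 1
    fi
    rm -f "$list"
}

# Stand-alone use: script.sh LOGDIR DAYS DESTDIR [NAME_PATTERN]
if [ "$#" -ge 3 ]; then archive_old_logs "$@"; fi
```

Point DESTDIR at a file system other than the log partition, otherwise the archive consumes the space the deletion is meant to free.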