
How to decrease a usage of /dev/mapper/vg_splat_lv-log

Hello Checkmates,

there is a problem, and I still cannot understand what the folder /dev/mapper/vg_splat_lv-log, which is mounted in /var/log/, is responsible for.

There is a screenshot where you can see that the /var/log/ folder is filling quickly.

During the last 7 days the usage has increased from 53% to 63%.

I guess that is very rapid and anomalous behaviour.

Advise please how to solve this problem with quick filling.

Can I do something and solve this problem?

Thank you very much!

0 Kudos
16 Replies

Enlarge the partition. For more, see here:

Managing partition sizes via LVM manager on Gaia OS 

0 Kudos

Thank you for a quick answer, but does that mean that all the files in that folder are necessary and we cannot remove some of them?

0 Kudos

Delete old log files from management server.

$FWDIR/log is a S-Link to this directory in /var/log/.

for R80.10:       /var/log/opt/CPsuite-R80.10/fw1/log/

for R80.20:       /var/log/opt/CPsuite-R80.20/fw1/log/

Here you can delete old logs from SmartLog after the date.

0 Kudos

For example for the 2019-01-20

# cd /var/log/opt/CPsuite-R80.10/fw1/log

# rm 2019-01-20*

You can also use "cd $FWDIR/log/"

0 Kudos

Or all logs for January 2019

# cd /var/log/opt/CPsuite-R80.10/fw1/log/

# rm 2019-01*

0 Kudos

Yes, I've understood your very useful information, once again thank you!

0 Kudos

or

find $FWDIR/log -type f -name '201*' -mtime +30 -exec rm {} \;

for such files older than 30 days :)

and now to something completely different

https://community.checkpoint.com/people/8221a355-5448-47cb-9c8a-d5f330a5909c - Nice one liner!

Comes into my CLI one liner collection!

0 Kudos
Gold

This directory holds all logs: logs from your gateways and all logs of your management server. Regarding the amount of your logged traffic, this is normal behaviour. Extending the partition, as Heiko mentioned, is the best solution.

Wolfgang

0 Kudos

If the log is not filled up by normal logs, maybe a debug is running and someone forgot to turn it off?
So maybe some *.elg files are permanently growing?
then
fw ctl debug 0
could help
Or if the files are vpnd.elg and ike.elg
vpn debug truncoff
could help

If it's just old log data, you may delete the oldest if not needed.

and now to something completely different
0 Kudos

Do you mean to use RemoveOldVersion.tar script by Check Point?

0 Kudos

No, old logfiles. SMS is usually rotating logs, renaming the old files using a timestamp at the beginning.

and now to something completely different
0 Kudos

Just have a look at Heiko's descriptions above :)

and now to something completely different
0 Kudos

Thank you gentlemen!

I am going to try this approach.

0 Kudos
Admin

Just make sure you do not delete logs you have to keep 🙂

I would rather suggest archiving those, sending them to an external location via ftp or sftp, and then removing them.
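
The find one-liner and the archive-before-removing advice from the thread, combined into one function. This is an added example, not code posted by any participant or provided by Check Point. The function name `archive_then_prune`, its arguments, the archive directory and the `20NN-*` file name pattern (modelled on the `2019-01-20*` files in the thread) are assumptions. It defaults to a dry run and deletes only after the archive has been verified.

```shell
#!/bin/bash
# Added example (not from the thread): archive date-stamped logs older than
# N days, verify the archive, and only then delete. Default is a dry run.
# archive_then_prune and its arguments are hypothetical names.
archive_then_prune() {
    local log_dir=$1 days=$2 archive_dir=$3 mode=${4:-dry-run}
    local list archive count

    [ -d "$log_dir" ] || { echo "no such directory: $log_dir" >&2; return 2; }
    mkdir -p "$archive_dir" || return 2
    list=$(mktemp) || return 2

    # Assumption: rotated files start with a date stamp such as 2019-01-20,
    # so the active fw.log and *.elg debug files never match the pattern.
    (cd "$log_dir" && find . -maxdepth 1 -type f -name '20[0-9][0-9]-*' \
        -mtime +"$days" -print | sed 's|^\./||' | sort) > "$list"
    count=$(($(wc -l < "$list")))

    if [ "$count" -eq 0 ] || [ "$mode" != "delete" ]; then
        cat "$list" >&2              # dry run: show what would be removed
        rm -f "$list"; echo "$count"; return 0
    fi

    archive="$archive_dir/logs-before-$(date +%Y%m%d%H%M%S).tar.gz"
    if ! tar -czf "$archive" -C "$log_dir" -T "$list"; then
        rm -f "$list"; return 1
    fi

    # Delete nothing unless the archive lists exactly the selected files.
    if ! tar -tzf "$archive" | sort | diff -q - "$list" >/dev/null; then
        echo "archive verification failed, nothing deleted" >&2
        rm -f "$list"; return 1
    fi

    (cd "$log_dir" && while IFS= read -r f; do rm -f -- "$f"; done < "$list")
    rm -f "$list"
    echo "$count"                    # number of files archived and removed
}
```

Run it first without the fourth argument to see the candidate list, then with `delete`; the resulting tar.gz is the file to copy to the external location before it is removed locally.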