Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted

VAR/Log/Spool/Mail is getting filled continuously

Hello All,

Recently I have upgraded the gateway from R77.30 to R80.10 version. We are observing the var/log is getting full very rapidly. We have logged a case with Checkpoint TAC & they have said that var/log/spool/mail is getting filled in 2 seconds of time. Almost 2 kb i getting consumed in every 2 sec. TAC has not yet able to identify the root cause of this issue. 

Can anyone help to identify the root cause & resolve the issue? We are struggling almost a month for this issue. We have reinstalled the R80.10 three times & also changed the gateway but still the issue persists.

Need your support to get this issue resolved. 

Regards,

Abhishek

0 Kudos
2 Replies
Highlighted
Admin
Admin

Do you have IPS configured to capture packets when a signature is triggered?
That's what generally gets there in R80.x (they were in a different place in R77.x).
These files should exist on the gateway temporarily until the log server retrieves them.
However, in some cases, it seems these files aren't removed correctly.
Definitely need to work with the TAC on this.
0 Kudos
Highlighted

TAC Team is unable to identify the issue. 

 

0 Kudos