cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post
Highlighted
slay39
Ivory

Checkpoint Management Log Size Problem

Jump to solution

Hi Checkmates,

When I check the disk situation I saw log directory was full so that I removed old logs from $FWDIR/log/ directory. disk situation is okay now. When I controlled /var/log/opt directory, I saw 854G space allocated. Is that normal? If not, what should I do?

 

[Expert@hostname:0]# pwd
/var/log/opt
[Expert@hostname:0]# ls
CPSmartLog-R77 CPSmartLog-R80 CPrt-R77 CPrt-R80 CPshrd-R77 CPshrd-R80 CPsuite-R77 CPsuite-R80
[Expert@hostname:0]# du -h --max-depth=1
233M ./CPshrd-R77
173G ./CPsuite-R80
158M ./CPshrd-R80
143G ./CPrt-R77
391G ./CPsuite-R77
60G ./CPrt-R80
88G ./CPSmartLog-R77
200M ./CPSmartLog-R80
854G .
[Expert@hostname:0]#

0 Kudos
2 Solutions

Accepted Solutions

Re: Checkpoint Management Log Size Problem

Jump to solution

This is a known issue: If the SMS is upgraded In-Place, log files from old $FWDIR/log are copied to the new $FWDIR/log (e.g. /var/opt/CPsuite-R80.30/log). But to have a fallback for times the update fails, old logs are not deleted from e.g. /var/opt/CPsuite-R77.30/log.

You can easily confirm in WinSCP that the old log directories only contain old log files also available in the new log folder and remove these. Also see here how to do that: sk114114: Diskspacemanagement tools do not delete logs from previous Security Management versions

0 Kudos
Employee+
Employee+

Re: Checkpoint Management Log Size Problem

Jump to solution

Yes. 

Assuming you're now in R80.x & no longer need the old R77.x SML or SME log/events DBs, then yea.

follow sk157713:

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

Solution

To resolve the problem, delete the R77.x SmartLog/SmartEvent databases. To do so:

On SmartLog, run:

[Expert@Hostname]# rm -rf /var/log/opt/CPSmartLog-R7*/data/

On SmartEvent, run:

[Expert@Hostname]# rm -rf /var/log/opt/CPrt-R7*/events_db/

 

for FYI, Also remember your log storage threshold for deletion of current version is probably 5GB or less or whatever you've configured in the Mgmt/LS/SME server's object > Logs Storage > Delete when X...

 

0 Kudos
4 Replies

Re: Checkpoint Management Log Size Problem

Jump to solution

This is a known issue: If the SMS is upgraded In-Place, log files from old $FWDIR/log are copied to the new $FWDIR/log (e.g. /var/opt/CPsuite-R80.30/log). But to have a fallback for times the update fails, old logs are not deleted from e.g. /var/opt/CPsuite-R77.30/log.

You can easily confirm in WinSCP that the old log directories only contain old log files also available in the new log folder and remove these. Also see here how to do that: sk114114: Diskspacemanagement tools do not delete logs from previous Security Management versions

0 Kudos

Re: Checkpoint Management Log Size Problem

Jump to solution

Why is this posted in SMB Appliances and SMP  ?

0 Kudos
slay39
Ivory

Re: Checkpoint Management Log Size Problem

Jump to solution
I am so sorry for posting this question to wrong category.

I deleted old log files in CPsuite-R77 directory acording to sk114114. There are 88G index files in /var/log/opt/CPSmartLog-R77/data and 143G event files in /var/log/opt/CPrt-R77. Should I do sth for them?
0 Kudos
Employee+
Employee+

Re: Checkpoint Management Log Size Problem

Jump to solution

Yes. 

Assuming you're now in R80.x & no longer need the old R77.x SML or SME log/events DBs, then yea.

follow sk157713:

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

Solution

To resolve the problem, delete the R77.x SmartLog/SmartEvent databases. To do so:

On SmartLog, run:

[Expert@Hostname]# rm -rf /var/log/opt/CPSmartLog-R7*/data/

On SmartEvent, run:

[Expert@Hostname]# rm -rf /var/log/opt/CPrt-R7*/events_db/

 

for FYI, Also remember your log storage threshold for deletion of current version is probably 5GB or less or whatever you've configured in the Mgmt/LS/SME server's object > Logs Storage > Delete when X...

 

0 Kudos