cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post

Disabling the built-in Logswitch on R80 SMS at midnight?

As the subject references, I've seen in a customer's deployment on a Smart-1 R80 appliance and in my own freshly configured VM the same seemingly un-sourced logswitch happening every night at 00:00, even when there's an explicitly configured automatic logswitch configured for the SMS object in SmartConsole for a daily logswitch at 23:59. Does anyone have any insight to this mysterious extra logswitch, and how to disable it from happening if possible? My initial thought was that this was a placeholder logswitch  that would stop once the database was installed with the 23:59 switch (an explicitly configred automatic logswitch) , but we're now seeing both logswitches happen, even on my freshly-built VM where this is literally the only configuration I've done in SmartConsole, or on the WebUI. (besides the First Time Config Wizard)

For reference, here's the applicable output from ls -lah:

-rw-r--r-- 1 admin       config  42K May  9 00:00 2017-05-09_000000.log

(ignoring adtlogs etc...)

-rw-rw---- 1 admin       root    18K May  9 13:35 2017-05-09_133506.log (When 23:59 logswitch was configured)

(ignoring adtlogs etc...)

-rw-rw---- 1 admin       root    19K May  9 23:59 2017-05-09_235900.log

(ignoring adtlogs etc...)

-rw-rw---- 1 admin       root   8.3K May 10 00:00 2017-05-10_000000.log

We saw this pattern repeat on my customer's SMS for several days, but I didn't hang on to the output. suffice to say this pattern continues, where the configured logswitch happens at 23:59 and then a comparatively tiny log is created when the mystery logswitch occurs again at 00:00.

Again, any insight or assistance into why this happens and how to control/disable it would be greatly appreciated.

Tags (1)
2 Replies

Re: Disabling the built-in Logswitch on R80 SMS at midnight?

according to our consultant you can change it here:

go to edit...on your management server -> Logs -> Additional Logging -> activate "Create a new log file on scheduled times" this should do it

...but i did not test it, because i can not change any setting on my manager, due to an other bug, which checkpoint support could not solve until now... Smiley Sad

0 Kudos

Re: Disabling the built-in Logswitch on R80 SMS at midnight?

Unfortunately,  configuring that option was what I was referring to when I mentioned the "explicitly configured automatic logswitch."

We went through a full service request with Check Point's TAC for this issue, and the dev team's response was essentially, "known behavior, working as intended, no change necessary." Fortunately, the logswitch mechanism doesn't actually affect how logs are viewed in R80, so the back to back logswitches don't appear to cause any actual problems, and it was purely a cosmetic concern.

0 Kudos