Garrett_DirSec
Advisor

Analytics - Log Volume per Gateway arriving at Log Server

Hello All -- 

Is there a way to determine log volume generated PER Gateway (or cluster) at the LOG SERVER?

Ideal scenario: 

  • I run a report (SmartEvent) or command-line script (Dr Log?) on LOG SERVER that will tell us aggregate volume of INGEST log volume per source Gateway (Cluster) over a specified date scope -- example: week or month.

Thanks  -


Accepted Solutions
Don_Paterson
MVP Gold

I think CPLogInvestigator could give you that. 

https://sc1.checkpoint.com/documents/R81.20/WebAdminGuides/EN/CP_R81.20_CLI_ReferenceGuide/Content/T...

Cpview shows log rates on both the gateway and server, in case that is useful. 

It's under the Advanced tab in cpview.

https://support.checkpoint.com/results/sk/sk101878

 

Looks like that's not in Skyline but I'm not sure about that one. 

https://community.checkpoint.com/t5/OpenTelemetry-Skyline/Skyline-How-to-collect-cpview-metrics-of-L...

 

There is this too in case it helps: 

https://support.checkpoint.com/results/sk/sk181782

 


4 Replies
the_rock
MVP Platinum

I believe you can do this via the Logs & Monitor tab in SmartConsole, but will check in my lab tomorrow.

Best,
Andy
PhoneBoy
Admin

I don't believe Dr. Log breaks it down per gateway/cluster.
Not sure SmartEvent can do this either.

the_rock
MVP Platinum

That's it, Don! Never tried that command, but super useful, thank you!

@Garrett_DirSec, check out the output from my lab:


[Expert@CP-MANAGEMENT:0]# CPLogInvestigator


Thank you for using log investigator tool.

==============================================================
Start reading log file: /opt/CPsuite-R82/fw1/log/fw.log

Start reading log file: /opt/CPsuite-R82/fw1/log/fw.log from log 0

..
Reading log file is DONE.

Start reading log file: /opt/CPsuite-R82/fw1/log/2025-11-13_000000.log

Start reading log file: /opt/CPsuite-R82/fw1/log/2025-11-13_000000.log from log 0

..
Reading log file is DONE.

Start reading log file: /opt/CPsuite-R82/fw1/log/2025-11-12_000000.log

Start reading log file: /opt/CPsuite-R82/fw1/log/2025-11-12_000000.log from log 0

..
Reading log file is DONE.

Start reading log file: /opt/CPsuite-R82/fw1/log/2025-11-11_000000.log

Start reading log file: /opt/CPsuite-R82/fw1/log/2025-11-11_000000.log from log 0

...
Reading log file is DONE.

Start reading log file: /opt/CPsuite-R82/fw1/log/2025-11-10_000000.log

Start reading log file: /opt/CPsuite-R82/fw1/log/2025-11-10_000000.log from log 0

....
Reading log file is DONE.

Start reading log file: /opt/CPsuite-R82/fw1/log/2025-11-09_000000.log

Start reading log file: /opt/CPsuite-R82/fw1/log/2025-11-09_000000.log from log 0

....
Reading log file is DONE.

Start reading log file: /opt/CPsuite-R82/fw1/log/2025-11-08_000000.log

Start reading log file: /opt/CPsuite-R82/fw1/log/2025-11-08_000000.log from log 0

...
Reading log file is DONE.

Start reading log file: /opt/CPsuite-R82/fw1/log/2025-11-07_000000.log

Start reading log file: /opt/CPsuite-R82/fw1/log/2025-11-07_000000.log from log 0

..
Reading log file is DONE.

Start reading log file: /opt/CPsuite-R82/fw1/log/2025-11-06_000000.log

Start reading log file: /opt/CPsuite-R82/fw1/log/2025-11-06_000000.log from log 0

..
Reading log file is DONE.

Start reading log file: /opt/CPsuite-R82/fw1/log/2025-11-05_000000.log

Start reading log file: /opt/CPsuite-R82/fw1/log/2025-11-05_000000.log from log 0

..
Reading log file is DONE.

Start reading log file: /opt/CPsuite-R82/fw1/log/2025-11-04_000000.log

Start reading log file: /opt/CPsuite-R82/fw1/log/2025-11-04_000000.log from log 0

..
Reading log file is DONE.

Start reading log file: /opt/CPsuite-R82/fw1/log/2025-11-03_000000.log

Start reading log file: /opt/CPsuite-R82/fw1/log/2025-11-03_000000.log from log 0

..
Reading log file is DONE.

Start reading log file: /opt/CPsuite-R82/fw1/log/2025-11-02_000000.log

Start reading log file: /opt/CPsuite-R82/fw1/log/2025-11-02_000000.log from log 0

..
Reading log file is DONE.

Start reading log file: /opt/CPsuite-R82/fw1/log/2025-11-01_000000.log

Start reading log file: /opt/CPsuite-R82/fw1/log/2025-11-01_000000.log from log 0

..
Reading log file is DONE.

Start reading log file: /opt/CPsuite-R82/fw1/log/2025-10-31_000000.log

Start reading log file: /opt/CPsuite-R82/fw1/log/2025-10-31_000000.log from log 0

..
Reading log file is DONE.

Start reading log file: /opt/CPsuite-R82/fw1/log/2025-10-30_000000.log

Start reading log file: /opt/CPsuite-R82/fw1/log/2025-10-30_000000.log from log 0

..
Reading log file is DONE.

Start reading log file: /opt/CPsuite-R82/fw1/log/2025-10-29_000000.log

Start reading log file: /opt/CPsuite-R82/fw1/log/2025-10-29_000000.log from log 0

..
Reading log file is DONE.

Start reading log file: /opt/CPsuite-R82/fw1/log/2025-10-28_000000.log

Start reading log file: /opt/CPsuite-R82/fw1/log/2025-10-28_000000.log from log 0

..
Reading log file is DONE.

Start reading log file: /opt/CPsuite-R82/fw1/log/2025-10-27_000000.log

Start reading log file: /opt/CPsuite-R82/fw1/log/2025-10-27_000000.log from log 0

..
Reading log file is DONE.

Start reading log file: /opt/CPsuite-R82/fw1/log/2025-10-26_000000.log

Start reading log file: /opt/CPsuite-R82/fw1/log/2025-10-26_000000.log from log 0

..
Reading log file is DONE.

Start reading log file: /opt/CPsuite-R82/fw1/log/2025-10-14_000000.log

Start reading log file: /opt/CPsuite-R82/fw1/log/2025-10-14_000000.log from log 0

..
Reading log file is DONE.

Start reading log file: /opt/CPsuite-R82/fw1/log/2025-10-13_000000.log

Start reading log file: /opt/CPsuite-R82/fw1/log/2025-10-13_000000.log from log 0

..
Reading log file is DONE.

Start reading log file: /opt/CPsuite-R82/fw1/log/2025-10-12_000000.log

Start reading log file: /opt/CPsuite-R82/fw1/log/2025-10-12_000000.log from log 0

..
Reading log file is DONE.

Start reading log file: /opt/CPsuite-R82/fw1/log/2025-10-11_000000.log

Start reading log file: /opt/CPsuite-R82/fw1/log/2025-10-11_000000.log from log 0

..
Reading log file is DONE.

Start reading log file: /opt/CPsuite-R82/fw1/log/2025-10-10_000000.log

Start reading log file: /opt/CPsuite-R82/fw1/log/2025-10-10_000000.log from log 0

..
Reading log file is DONE.

Start reading log file: /opt/CPsuite-R82/fw1/log/2025-10-09_000000.log

Start reading log file: /opt/CPsuite-R82/fw1/log/2025-10-09_000000.log from log 0

..
Reading log file is DONE.

Start reading log file: /opt/CPsuite-R82/fw1/log/2025-10-08_000000.log

Start reading log file: /opt/CPsuite-R82/fw1/log/2025-10-08_000000.log from log 0

..
Reading log file is DONE.

Start reading log file: /opt/CPsuite-R82/fw1/log/2025-10-07_000000.log

Start reading log file: /opt/CPsuite-R82/fw1/log/2025-10-07_000000.log from log 0

..
Reading log file is DONE.

Start reading log file: /opt/CPsuite-R82/fw1/log/2025-10-06_000000.log

Start reading log file: /opt/CPsuite-R82/fw1/log/2025-10-06_000000.log from log 0

..
Reading log file is DONE.

Start reading log file: /opt/CPsuite-R82/fw1/log/2025-10-05_000000.log

Start reading log file: /opt/CPsuite-R82/fw1/log/2025-10-05_000000.log from log 0

..
Reading log file is DONE.

Start reading log file: /opt/CPsuite-R82/fw1/log/2025-10-04_000000.log

Start reading log file: /opt/CPsuite-R82/fw1/log/2025-10-04_000000.log from log 0

..
Reading log file is DONE.

Start reading log file: /opt/CPsuite-R82/fw1/log/2025-10-03_000000.log

Start reading log file: /opt/CPsuite-R82/fw1/log/2025-10-03_000000.log from log 0

..
Reading log file is DONE.

Start reading log file: /opt/CPsuite-R82/fw1/log/2025-10-02_000000.log

Start reading log file: /opt/CPsuite-R82/fw1/log/2025-10-02_000000.log from log 0

..
Reading log file is DONE.

Start reading log file: /opt/CPsuite-R82/fw1/log/2025-10-01_000000.log

Start reading log file: /opt/CPsuite-R82/fw1/log/2025-10-01_000000.log from log 0

..
Reading log file is DONE.


Total scanned 3205706 logs out of 3205706 logs in file
Scanned logs dates are from 30-09-2025 00:00:00 to 13-11-2025 08:42:03
Observed blades:
- Anti Malware
- Application Control
- IPS
- N/A
- New Anti Virus
- URL Filtering
- VPN-1 & FireWall-1

========================================

Summary - Estimations based on findings:

Log file size per day: 0.6457GB (72193 logs)

Estimated events per day:
- Estimated events per day based on active blades: 1295

Storage required per day:
- SmartEvent: 0.0060GB
- Log Server: 0.6457GB
- Log Server + SmartLog: 1.2913GB

Please refer to sk87263 to use these metrics and size your SmartEvent solution. The SK can be found at Check Point▒s Support Center :
https://supportcenter.checkpoint.com/supportcenter/index.jsp


==============================================================

Best,
Andy
