cyberluke365
Contributor

Cleanup Check Point Security Management (& Security Gateways)

Hello,

Is there a script capable of analyzing old files, logs, and unnecessary objects (for example, files left over from upgrades between releases) both in the Management and Security Gateways, to identify and delete anything that can be removed and keep the environments clean?

Alternatively, could you point me to any articles that might assist with the above (if available)?

Thank you.

0 Kudos
9 Replies
G_W_Albrecht
Legend

Best is a clean install, especially for SMS using migrate_server when many local upgrades have been made during history. sk108902: Best Practices - Backup on Gaia OS

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
Amir_Senn
Employee

For logs, you can set a log retention policy - you can decide how long to retain log files / index files.

For upgrade packages / JHF, there's no tool that does that AFAIK but you can delete packages you don't need anymore via CPUSE in webUI.

Kind regards, Amir Senn
Bob_Zimmerman
Authority

More than old packages, I think the question is about the "CPsuite-R80.40" and "CPsuite-R81" and "CPsuite-R81.10" folders which get left around when you upgrade a system in place. I mostly see them in /var/log/opt, so at least they don't clutter up snapshots.

0 Kudos
Amir_Senn
Employee

At least from traffic logging POV it will delete the oldest logs, even if they appear on older versions directories. It usually has a symbolic link to it in the new version's directory.

With that reasoning I will assume that stuff without symbolic links might be copies of same content from each directory but every single thing needs to be validated with owner to be so. But compared to logging I will assume that it will not be as significant from storage POV.

Kind regards, Amir Senn
0 Kudos
Bob_Zimmerman
Authority

That's definitely not the case with R81.10 or R81.20. The old logs are left on the box forever. Log rotation doesn't clean them up. For example, I have a firewall I upgraded in-place from R81.10 to R81.20 about 50 days ago. It still has /var/log/opt/CPshrd-R81.10/cpview_services with a 1.2 GB cpview history database which can no longer be accessed. It also has a few hundred megabytes of junk in /var/log/opt/CPsuite-R81.10/fw1/tmp.

0 Kudos
Amir_Senn
Employee

Log retention is for traffic logs, which are much more significant on storage, GBs per day. You can check if you have such logs by running "ls -lh /opt/CPsuite-R81.10/fw1/log/2024*.log". For comparison you can check your current version.

IMO, I think that a lot of the files that remain have to do with the ability to revert back. They do not have proper means of removal. I think that this is supported by the fact that doing an advanced upgrade (export DB, clean install, import DB) would not leave such directories and would function properly with all the information it needs.

I would say that deleting files from a version you would not revert to anymore is probably possible, but I don't think the risk is worth it. Until the amount of storage taken is tens of GBs, it's insignificant in comparison to the modern size of storage and the storage taken by traffic logs. If you have storage issues I would consider expanding it to solve it in the long run.

Much more significant in lab environments if /var/log is very limited.

Kind regards, Amir Senn
0 Kudos
Bob_Zimmerman
Authority

I've noticed files in old /var/log/opt/CPsuite-R**.**/fw1/log directories years after an upgrade. In my experience, the log rotation on firewalls only checks the current version's $FWDIR/log. I don't care about traffic logs, though; they can obviously be trashed. All the other junk in /var/log/opt is a bigger question, because it's not all logs. It would just be nice if upgrades cleaned up after themselves, or if there was a tool to clean up after an upgrade.

0 Kudos
the_rock
Legend

I always found it's safe to delete those old packages.

Andy

0 Kudos
the_rock
Legend

You got good responses so far. As far as a script, I don't believe there is an official one offered by CP, but you can always create a cron job yourself, that's an option.

Andy

0 Kudos
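
A report-only way to see what the thread describes, as an added example that is not part of any post and not a Check Point tool: it lists the `CP*-R<version>` directories under a root such as /var/log/opt that belong to a version other than the one you name, with their size in KB and the number of symlinks elsewhere under that root that still resolve into them. The function names, the argument order and the assumption that the version is the text after the last `-` in the directory name are this example's own; nothing is deleted.

```sh
#!/bin/sh
# Report-only inventory of per-version directories left behind by in-place
# upgrades. Added example: the "CP<product>-R<version>" naming is taken from
# the paths quoted in the thread; the current version is supplied by the caller.

# symlinks_into ROOT TARGET (hypothetical helper)
# Counts symlinks under ROOT, outside TARGET, that resolve to a path in TARGET.
# A non-zero count means something in another directory still uses TARGET.
symlinks_into() {
    target=$(readlink -f "$2")
    find "$1" -path "$2" -prune -o -type l -print | {
        count=0
        while IFS= read -r link; do      # names containing newlines are not handled
            resolved=$(readlink -f "$link") || continue
            case "$resolved" in
                "$target"|"$target"/*) count=$((count + 1)) ;;
            esac
        done
        echo "$count"
    }
}

# stale_version_dirs ROOT CURRENT_VERSION (hypothetical helper)
# Prints "<size_kb> <symlinks_in> <path>" for each CP*-R* directory under ROOT
# whose version suffix differs from CURRENT_VERSION (for example R81.20).
stale_version_dirs() {
    for dir in "$1"/CP*-R*; do
        # Skip an unmatched glob, plain files, and directories that are symlinks.
        if [ ! -d "$dir" ] || [ -L "$dir" ]; then continue; fi
        # The version is the text after the last '-': CPsuite-R81.10 -> R81.10
        if [ "${dir##*-}" = "$2" ]; then continue; fi
        size_kb=$(du -sk "$dir" | awk '{print $1}')
        printf '%s %s %s\n' "$size_kb" "$(symlinks_into "$1" "$dir")" "$dir"
    done
}

# Stand-alone use (script name is a placeholder): sh stale_dirs.sh /var/log/opt R81.20
if [ "$#" -eq 2 ]; then stale_version_dirs "$1" "$2"; fi
```

A directory reported with a symlink count of 0 is only a candidate for review with whoever owns the system, in line with the caution in the replies above.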
