Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Wang
Collaborator

Does anyone know about /var/log/messages?

Hello, engineers, does anyone know the size of /var/log/messages, /var/log/messages.1, /var/log/messages.2, /var/log/messages.3, /var/log/messages.4, and what is the proportion between them

4 Replies
Jerry
Mentor
Mentor

these are the generic logging files on each and every linux box in a world (I guess?)

size of it does not matter as they "chunk" themselves and never obstruct the devices itself - they normally "tail" themselves in a progress of time so ... why bother?

please be more specific what is the reason of your question mate

ps. proportions depends - very often of what is the particion size etc.- but usually those files does not (each) more than 2MB. I do have on my R80.20 just .10 and each of the files is not bigger than 1.1-1.6MB. on SMS's however those files are really smal as long as the logging (of the entire estate) is happeneing on CLM"s or other logging structures so file on my SMS are in particular like 79-80K only hence I don't care much about them.

Jerry
Vincent_Bacher
Advisor
Advisor

Hello,
sk36798 explains this well.

Cheers
Vincent

and now to something completely different - CCVS, CCAS, CCTE, CCCS, CCSM elite
Olavi_Lentso
Contributor

Default settings of log rotation need tuning to avoid log records to be overwritten very quickly. Maybe R80.20 3.10 kernel Gaia is the version with increased limits, I am testing it in a lab and defaults seem to be more generous they used to be up to R80.10.

Until R80.10 the /var/log messages gets rotated as soon as the size of the file reaches 64kB and only 4 rotated files are kept.

You may want to increase size limits and number of the rotated files (in the example below the messages file would be about 1MB and 9 rotated files would be kept):

log_start limit 0 1048576 9

Syntax:

log_start limit <log-index> <max-size> <backlog-copies>

 

To see all the files managed by CP rotation and their settings:

log_start list

 

 

0 Kudos
Timothy_Hall
Champion
Champion

If you're having problems with Gaia syslog logs rolling off before they can be viewed, either forward them to a third-party syslog collector like Splunk, or if unavailable forward them to the SMS itself for storage and searching/viewing with the usual Check Point log tools as described here:

sk102995: How to export syslog messages from Gaia Security Gateway to a Log Server and view them in ...

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events