- CheckMates
- :
- Products
- :
- Quantum
- :
- Management
- :
- Re: Does anyone know about /var/log/messages?
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Does anyone know about /var/log/messages?
Hello, engineers, does anyone know the size of /var/log/messages, /var/log/messages.1, /var/log/messages.2, /var/log/messages.3, /var/log/messages.4, and what is the proportion between them
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
these are the generic logging files on each and every linux box in a world (I guess?)
size of it does not matter as they "chunk" themselves and never obstruct the devices itself - they normally "tail" themselves in a progress of time so ... why bother?
please be more specific what is the reason of your question mate
ps. proportions depends - very often of what is the particion size etc.- but usually those files does not (each) more than 2MB. I do have on my R80.20 just .10 and each of the files is not bigger than 1.1-1.6MB. on SMS's however those files are really smal as long as the logging (of the entire estate) is happeneing on CLM"s or other logging structures so file on my SMS are in particular like 79-80K only hence I don't care much about them.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
sk36798 explains this well.
Cheers
Vincent
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Default settings of log rotation need tuning to avoid log records to be overwritten very quickly. Maybe R80.20 3.10 kernel Gaia is the version with increased limits, I am testing it in a lab and defaults seem to be more generous they used to be up to R80.10.
Until R80.10 the /var/log messages gets rotated as soon as the size of the file reaches 64kB and only 4 rotated files are kept.
You may want to increase size limits and number of the rotated files (in the example below the messages file would be about 1MB and 9 rotated files would be kept):
log_start limit 0 1048576 9
Syntax:
log_start limit <log-index> <max-size> <backlog-copies>
To see all the files managed by CP rotation and their settings:
log_start list
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
If you're having problems with Gaia syslog logs rolling off before they can be viewed, either forward them to a third-party syslog collector like Splunk, or if unavailable forward them to the SMS itself for storage and searching/viewing with the usual Check Point log tools as described here:
now available at maxpowerfirewalls.com