Amir,
Below is the log_policy_extended.C file:
[Expert@mds:0]# more log_policy_extended.C
(
:stop_logging_on_free_disk_space (true)
:min_free_disk_space (100)
:stop_free_disk_space_metrics (mbytes)
:reject_connections (false)
:alert_on_disk_space (true)
:alert_free_disk_space (3000)
:alert_free_disk_space_metrics (mbytes)
:alert_type (alert)
:log_switch_on_file_size (false)
:scheduled_switch (false)
:forward_logs (false)
:log_delete_on_below (true)
:log_delete_below_metrics (mbytes)
:log_delete_below_value (5000)
:log_delete_on_run_script (false)
:dlp_blob_delete_on_run_script (false)
:dlp_blob_delete_above_value_percentage (20)
:dlp_blob_delete_on_above (true)
:packets_capture_reserved_disk_metrics (mbytes)
:packets_capture_reserved_disk_size_MB (500)
:dlp_blob_fetch_bulk_size (200)
:dlp_blob_fetch_interval (5)
:dlp_blob_retry_interval (180)
:daily_maintenance_at_least_script (dailyAtLeastLogMaintenance.sh)
:daily_maintenance_script (dailyLogMaintenance.sh)
:emergency_script (emergencyLogMaintenance.sh)
:maintenance_type (daily)
:log_keep_days_value (100)
:index_delete_older_than (true)
:index_delete_older_than_value (14)
:maintenance_items (
: (
:type (firewallandvpn)
:delete_after (14)
)
: (
:type (audit)
:delete_after (95)
)
: (
:type (other)
:delete_after (14)
)
: (
:type (smartevent)
:delete_after (14)
)
: (
:type (other-smartlog)
:delete_after (14)
)
: (
:type (resources)
:delete_after (14)
)
: (
:type (files)
:delete_after (14)
)
)
)
And below is the output from fwd.elg:
Tue Sep 1 15:32:07 2020: FWD START
SetSignals: handle sighup for netflow
Warning : FwdIsIntegrityServer: fwobj_get_myown() failed
InitServers: Log asynch buffer size was initialized with size: 3145728
InitServers: Log buffer initialized with size: 64000
Warning : FwdIsIntegrityServer: fwobj_get_myown() failed
initSyslogServers: SysLog buffer initialized with size: 64000
initSyslogServers: failed to read gateway's settings
CPLogGetMyIp: fwobj_get_myown failed
FireWall-1 Daemon is running
syslog_run: syslogd was executed under pid 6180
load_host_log_policy: log_policy_extended.C is the current policy file
CHostLogPolicy: Attribute include_tcp_state_information not found
loaded set =
(
:stop_logging_on_free_disk_space (true)
:min_free_disk_space (100)
:stop_free_disk_space_metrics (mbytes)
:reject_connections (false)
:alert_on_disk_space (true)
:alert_free_disk_space (3000)
:alert_free_disk_space_metrics (mbytes)
:alert_type (alert)
:log_switch_on_file_size (false)
:scheduled_switch (false)
:forward_logs (false)
:log_delete_on_below (true)
:log_delete_below_metrics (mbytes)
:log_delete_below_value (5000)
:log_delete_on_run_script (false)
:dlp_blob_delete_on_run_script (false)
:dlp_blob_delete_above_value_percentage (20)
:dlp_blob_delete_on_above (true)
:packets_capture_reserved_disk_metrics (mbytes)
:packets_capture_reserved_disk_size_MB (500)
:dlp_blob_fetch_bulk_size (200)
:dlp_blob_fetch_interval (5)
:dlp_blob_retry_interval (180)
:daily_maintenance_at_least_script (dailyAtLeastLogMaintenance.sh)
:daily_maintenance_script (dailyLogMaintenance.sh)
:emergency_script (emergencyLogMaintenance.sh)
:maintenance_type (daily)
:log_keep_days_value (100)
:index_delete_older_than (true)
:index_delete_older_than_value (14)
:maintenance_items (
: (
:type (firewallandvpn)
:delete_after (14)
)
: (
:type (audit)
:delete_after (95)
)
: (
:type (other)
:delete_after (14)
)
: (
:type (smartevent)
:delete_after (14)
)
: (
:type (other-smartlog)
:delete_after (14)
)
: (
:type (resources)
:delete_after (14)
)
: (
:type (files)
:delete_after (14)
)
)
)
working set =
(
:stop_logging_on_free_disk_space (true)
:min_free_disk_space (100)
:stop_free_disk_space_metrics (mbytes)
:reject_connections (false)
:alert_on_disk_space (true)
:alert_free_disk_space (3000)
:alert_free_disk_space_metrics (mbytes)
:alert_type (alert)
:log_switch_on_file_size (false)
:scheduled_switch (false)
:forward_logs (false)
:log_delete_on_below (true)
:log_delete_below_metrics (mbytes)
:log_delete_below_value (5000)
:log_delete_on_run_script (false)
:dlp_blob_delete_on_run_script (false)
:dlp_blob_delete_above_value_percentage (20)
:dlp_blob_delete_on_above (true)
:packets_capture_reserved_disk_metrics (mbytes)
:packets_capture_reserved_disk_size_MB (500)
:dlp_blob_fetch_bulk_size (200)
:dlp_blob_fetch_interval (5)
:dlp_blob_retry_interval (180)
:daily_maintenance_at_least_script (dailyAtLeastLogMaintenance.sh)
:daily_maintenance_script (dailyLogMaintenance.sh)
:emergency_script (emergencyLogMaintenance.sh)
:maintenance_type (daily)
:log_keep_days_value (3650)
:index_delete_older_than_value (14)
:index_delete_older_than (true)
:maintenance_items (
: (
:type (firewallandvpn)
:delete_after (14)
)
: (
:type (audit)
:delete_after (95)
)
: (
:type (other)
:delete_after (14)
)
: (
:type (smartevent)
:delete_after (14)
)
: (
:type (other-smartlog)
:delete_after (14)
)
: (
:type (resources)
:delete_after (14)
)
: (
:type (files)
:delete_after (14)
)
)
)
InitBlobFetcher Warning: Failed to get own object
start_diskspace_check_schedule_event started successfully
start_daily_log_switch_schedule_event started successfully
start_log_switch_schedule_event started successfully
start_log_forward_schedule_event: no log_forward target.
Log forward scheduling not started
start_cyclic_logging_event started successfully
build_opsec_entity: receiving the virtual IP address for MDS
fw_init_lea_server: LEA server initialized
Unable to open '/dev/fw0': No such file or directory
Set operation failed: failed to get parameter enable_netflow
Unable to open '/dev/fw0': No such file or directory
Set operation failed: failed to get parameter enable_netflow
CPLogGetMyIp: fwobj_get_myown failed
There are two values of log_keep_days_value in the output of fwd.elg: the 100 we have configured, but also 3650, which is shown in the working set.
Which value is used?
Regards, Martijn
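
Added example, not part of the original post and not Check Point code: a small parser for the parenthesised set format shown above that compares the "loaded set" and "working set" dumps in fwd.elg and reports every attribute whose value differs, regardless of attribute order. The function names are hypothetical, and the sample input is a constructed, shortened excerpt of the output above with the nested maintenance_items block collapsed onto one line.

```python
import re

# Constructed, shortened excerpt of the fwd.elg output quoted in the post.
SAMPLE_ELG = """\
loaded set =
(
:log_keep_days_value (100)
:index_delete_older_than (true)
:index_delete_older_than_value (14)
:maintenance_items ( : ( :type (audit) :delete_after (95) ) )
)
working set =
(
:log_keep_days_value (3650)
:index_delete_older_than_value (14)
:index_delete_older_than (true)
:maintenance_items ( : ( :type (audit) :delete_after (95) ) )
)
"""

TOKEN = re.compile(r"\(|\)|:[^\s()]*|[^\s()]+")  # "(", ")", ":key", bare value

def parse_node(tokens, i, path, out):
    # Parse "(" value | entries ")" at tokens[i]; record leaves in out; return next index.
    if i >= len(tokens) or tokens[i] != "(":
        raise ValueError("expected '(' to open a set")
    i, anon, words, nested = i + 1, 0, [], False
    while tokens[i] != ")":
        if tokens[i].startswith(":"):
            name = tokens[i][1:] or str(anon)   # ": (" is an unnamed list item
            anon += tokens[i] == ":"            # number unnamed items 0, 1, 2, ...
            i, nested = parse_node(tokens, i + 1, path + [name], out), True
        else:
            words.append(tokens[i])
            i += 1
    if not nested:
        out["/".join(path)] = " ".join(words)
    return i + 1

def extract_set(log_text, marker):  # {attribute path: value} for the set after marker
    out = {}
    parse_node(TOKEN.findall(log_text.partition(marker)[2]), 0, [], out)
    return out

def diff_sets(log_text):
    """Attributes whose values differ: {path: (loaded value, working value)}."""
    loaded = extract_set(log_text, "loaded set =")
    working = extract_set(log_text, "working set =")
    return {k: (loaded.get(k), working.get(k)) for k in loaded.keys() | working.keys()
            if loaded.get(k) != working.get(k)}
```
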