archie
Participant

Log Maintenance Policy does not delete log files

Hello!

In an R80.40 environment on the management server (not MDS, just a simple SMS), I set the Daily logs retention configuration as follows:

  • Keep indexed logs for no longer than 30 days
  • Keep log files for an extra 30 days.

 

But in the $FWDIR/log folder, there were many log files older than 60 days. The index files are deleted as expected.

In the fwd.log file I see the following:

Tue Jan 25 23:59:00 2022 - Trying to Switch (Log file) to a new log file, reason for switch is (scheduled log switch)
lea_server_col_logs_build_and_notify return
Tue Jan 25 23:59:00 2022 - Switched (Log file) to a new log file, the previous was renamed to (2022-01-25_235900.log), reason for switch is (scheduled log switch)
Unable to open '/dev/fw0': No such file or directory
Unable to open '/dev/fw0': No such file or directory
[FWD 8820]@MGMT SERVER[26 Jan 0:00:00] CScheduledDailyLogSwitch::EventHandler : Enter
[FWD 8820]@MGMT SERVER[26 Jan 0:00:00] CScheduledDailyLogSwitch::EventHandler : need log switch - true
Wed Jan 26 00:00:00 2022 - Trying to Switch (Log file) to a new log file, reason for switch is (daily maintenance log switch)
lea_server_col_logs_build_and_notify return
Wed Jan 26 00:00:00 2022 - Switched (Log file) to a new log file, the previous was renamed to (2022-01-26_000000.log), reason for switch is (daily maintenance log switch)
Wed Jan 26 00:00:00 2022 - Trying to Switch (Audit log file) to a new log file, reason for switch is (daily maintenance log switch)
lea_server_col_logs_build_and_notify return
Wed Jan 26 00:00:00 2022 - Switched (Audit log file) to a new log file, the previous was renamed to (2022-01-26_000000.adtlog), reason for switch is (daily maintenance log switch)
[FWD 8820]@MGMT SERVER[26 Jan 0:00:00] CScheduledDailyLogSwitch::EventHandler : getMaintenanceKeepLogFilesHistory return 60
[FWD 8820]@MGMT SERVER[26 Jan 0:00:00] CScheduledDailyLogSwitch::EventHandler : going to call Maintenance with 60
callMaintenanceRoutine: enter params: emergencyState: 0, DeletedInMdsLogTime: 60
callMaintenanceRoutine: cyclic logging is not configured/initialized. will not run maintenance
[FWD 8820]@MGMT SERVER[26 Jan 0:00:00] CScheduledDailyLogSwitch::EventHandler completed with logSwitchRetCode=0 adtLogSwitchRetCode=i
CScriptRunnerThread::ThreadProcedure() : file dailyLogMaintenance.sh has been poped out from queue with features:
CScriptRunnerThread::ThreadProcedure() : got function - (nil) got this - (nil)
runLogMaintenanceScript() : running command /opt/CPrt-R80.40/scripts/dailyLogMaintenance.sh /tmp/fileCaXsY0
runCommand(): running script /opt/CPrt-R80.40/scripts/dailyLogMaintenance.sh /tmp/fileCaXsY0
runCommand() : maintenance script '/opt/CPrt-R80.40/scripts/dailyLogMaintenance.sh /tmp/fileCaXsY0' has return the output :
2022-01-26 00:00:00 - dailyLogMaintenance.sh

CScriptRunnerThread::ThreadProcedure() : no files was deleted

 

I would not like to do an fwd daemon debug if it is not necessary.

Do you have any idea why it is not working?

 

Thanks

 

0 Kudos
3 Replies
G_W_Albrecht
Legend

https://community.checkpoint.com/t5/Management/Index-Files-option-for-R80-10/td-p/7186

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
archie
Participant

Thanks for the reply, but I can't see this solving my problem.

0 Kudos
archie
Participant

We've found a solution. You have to switch on the "When disk space is below X Mbytes" option, and this triggers the Daily log retention configuration. This should not work this way, but it works! 🙂
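A read-only check for the condition visible in the fwd.log excerpt in the question, as an added example that is not part of the original thread and not Check Point tooling: it reads the retention value fwd passed to the maintenance routine, reports whether the run was skipped with the "cyclic logging is not configured" message, and lists switched log files whose file-name date is past that retention. Assumptions: the function names are hypothetical, file names follow the YYYY-MM-DD_HHMMSS.log pattern seen in the excerpt, age is judged from the name rather than the mtime, and GNU date is available.

```shell
# Constructed sample: fwd.log lines copied from the excerpt in the question.
sample_fwd_log() {
cat <<'EOF'
[FWD 8820]@MGMT SERVER[26 Jan 0:00:00] CScheduledDailyLogSwitch::EventHandler : going to call Maintenance with 60
callMaintenanceRoutine: enter params: emergencyState: 0, DeletedInMdsLogTime: 60
callMaintenanceRoutine: cyclic logging is not configured/initialized. will not run maintenance
CScriptRunnerThread::ThreadProcedure() : no files was deleted
EOF
}

# Last retention value (days) that fwd passed to the maintenance routine.
retention_days() {
    sed -n 's/.*going to call Maintenance with \([0-9][0-9]*\).*/\1/p' "$1" | tail -n 1
}

# Succeeds when the most recent maintenance call was skipped because
# cyclic logging was not configured (the message shown in the question).
maintenance_skipped() {
    grep 'callMaintenanceRoutine:' "$1" | tail -n 1 |
        grep -q 'cyclic logging is not configured/initialized'
}

# Print switched log files in directory $1 whose name date is more than
# $2 days before $3 (YYYY-MM-DD, defaults to today). Nothing is deleted.
overdue_logs() {
    cutoff=$(date -u -d "${3:-$(date +%Y-%m-%d)} $2 days ago" +%Y%m%d) || return 1
    for f in "$1"/[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]_*.log; do
        [ -e "$f" ] || continue            # glob matched nothing
        name=${f##*/}
        stamp=$(printf '%s' "${name%%_*}" | tr -d '-')
        [ "$stamp" -lt "$cutoff" ] && printf '%s\n' "$name"
    done
    return 0
}

# $1 = path to fwd.log, $2 = log directory, $3 = optional reference date.
report() {
    days=$(retention_days "$1")
    [ -n "$days" ] || { echo "no maintenance call found in $1"; return 2; }
    if maintenance_skipped "$1"; then
        echo "maintenance skipped: cyclic logging not configured (retention ${days}d)"
    fi
    overdue_logs "$2" "$days" "$3"
}
```

Running `report` again after the disk-space option has been enabled and the next midnight switch has passed shows whether the skip message is gone and the overdue list is empty.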
