- Products
- Learn
- Local User Groups
- Partners
- More
CheckMates Fifth Birthday
Celebrate with Us!
days
hours
minutes
seconds
Join the CHECKMATES Everywhere Competition
Submit your picture to win!
Harmony Mobile 4:
New Version, New Capabilities
As YOU DESERVE THE BEST SECURITY
Upgrade to our latest GA Jumbo
CheckFlix!
All Videos In One Space
Hi,
Where can i check the current retention period for logs in SmartConsole and will how can i modify it if required ?
Thanks.
I assume you're referring to the general log/index retention period, not to a single log-file switch, which doesn't actually affect anything on R80.10 & above, as it only impacts the old 'Non-Index' I/S.
Both are on the SmartConsole > Open the Management Server Object > Logs > Storage.
It depends on 2 factors:
1. Daily Log/Indexed-logs retention via: 'Delete index files older than...'
(on R80.40 you can keep/delete both logs & indexed-logs in a more comfortable manner - recommended).
2. Disk-Space ('emergency') threshold for Logs/Indexed-logs retention, which depends on your actual disk-space in Logs partition (/var/log/), via: 'Delete files once threshold is below 'X' available space (default: 5GB==5000Mb).
Example: You have 10GB of Logs & 10GB of Indexed Logs per day. (~700 logs/sec)
Your total logs partition is 1000GB, so you can save around 1000/20 = 50 days of max logs/Indexed-logs, unless configured as less via daily retention.
Hope that's clear.
I assume you're referring to the general log/index retention period, not to a single log-file switch, which doesn't actually affect anything on R80.10 & above, as it only impacts the old 'Non-Index' I/S.
Both are on the SmartConsole > Open the Management Server Object > Logs > Storage.
It depends on 2 factors:
1. Daily Log/Indexed-logs retention via: 'Delete index files older than...'
(on R80.40 you can keep/delete both logs & indexed-logs in a more comfortable manner - recommended).
2. Disk-Space ('emergency') threshold for Logs/Indexed-logs retention, which depends on your actual disk-space in Logs partition (/var/log/), via: 'Delete files once threshold is below 'X' available space (default: 5GB==5000Mb).
Example: You have 10GB of Logs & 10GB of Indexed Logs per day. (~700 logs/sec)
Your total logs partition is 1000GB, so you can save around 1000/20 = 50 days of max logs/Indexed-logs, unless configured as less via daily retention.
Hope that's clear.
Unchecked = No daily retention for index-files, therefore only min threshold of disk-space is applied.
cpstat mg -f log_server (gives a good estimate of current logs/sec & last 10 mins/hour avg)
Log Receive Rate: X (X = logs/sec received)
Log Receive Rate Last Hour: Y (Y= logs/hour received, so use that to calculate the no. of logs)
logs/indexed-logs size calculation - rough estimation/rule of thumb
1 log = roughly 180 Bytes -> 1,000 logs/sec for 24 hours for a full day ~= 14.5GB of log-files & same 14.5GB of Indexed-logs == 29GB daily log & index size.
Exactly, whichever comes 1st.
but 30 days of keep/delete index files only (on R80.10). Log-files will remain till disk threshold.
on R80.40, We have added a daily keep maintenance for log-files as well.
Hi
Edit the Security Management Server object > Logs topic > Storage (Disk Space Management) and Additional Settings (Advanced Settings)
About CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY