This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Ihenock1011
Advisor
‎2023-12-19 11:29 PM

Log server indexing

Hi All,

I have a Check Point R81.10 Security Gateway and a Smart-1 SMS server, which is used as a log server as well. We are facing CPU spike issues, and we have disabled log indexing on these log servers. Now, when we view the logs, it displays something to the picture below. What does log indexing mean, and does the picture indicate any issues?

Regards,

 

 

log.jpg
Preview file
32 KB
0 Kudos
2 Replies
Alex-
Leader Leader
Leader
‎2023-12-20 12:21 AM

Without the indexes, you're reading the flat log files and need to manually open them, also the log search will be slower due to, well, no indexing. Latest log file is fw.log, so the active file.

Indexing is much more practical as you can search any indexed value over all files and as such, it is worth spec'ing up your SMS to support indexing if you have the ability to do so.

PhoneBoy
Admin
Admin
‎2023-12-20 08:08 AM

This is expected behavior.
Without log indexing enabled, you will only be able to search the currently opened log file.
A new one is created every 24 hours or 2GB of data (whichever comes first).

Note that log indexing is set at the lowest system priority, so it should not interfere with other processes.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events
    li.common.scroll-to.top