This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
chico
Contributor
‎2019-06-27 07:42 AM
Jump to solution

Logs indexation 30 days R80.20 Take 87

Hello everybody,

I would like to generate some security reports but I can generate reports with only 30 days retentions. I changed the option to do not delete the index files older than 30 days.

I follow the process as mentionned in the SK sk111766  and configured the ./log_indexer -days_to_index <NUM_OF_DAYS_TO_INDEX> to 90 days but nothing as changed when I generate a report.

Logs_storage_SMS.png

 

logIndexer.png

If someone had the same issue and have find a solution ?

Regards,

 

Campos Miguel

 

 

Logs_storage_SMS.png
Preview file
15 KB
1 Solution

Accepted Solutions
chico
Contributor
‎2019-07-04 04:36 AM
In response to Dror_Aharony
Jump to solution

Hello Dror Aharony,

Thank you for your reply, I'm just restarted the indexer service but nothing changed. I find an another SK for run SmartEvent Offline Jobs for multiple logs "sk98894" but I don't understand the difference with the SK sk111766.

I send you the result from the doctor-log.sh

Thank you a lot for your feedback

 

Miguel

View solution in original post

0 Kudos
7 Replies
PhoneBoy
Admin
Admin
‎2019-06-27 03:30 PM
Jump to solution

Have you verified that you have 90+ days of logs to index?
If so, then you may want to involve the TAC.
0 Kudos
chico
Contributor
‎2019-06-27 11:01 PM
In response to PhoneBoy
Jump to solution

Hello,

Where can I check that ?

0 Kudos
PhoneBoy
Admin
Admin
‎2019-06-28 02:24 PM
In response to chico
Jump to solution

$FWDIR/log
A new log file is created daily at midnight and when a log file gets to 2GB in size.
The log files are named by date, so you should be able to see how far back your logs go.
0 Kudos
Sigbjorn
Advisor
Advisor
‎2019-06-27 10:42 PM
Jump to solution

The index file adds more space usage on top of the log files, so make sure you have enough free space available, or the oldest log will be deleted according to your policy.

chico
Contributor
‎2019-06-27 11:04 PM
In response to Sigbjorn
Jump to solution

Hello,

Yep, I already check this point, I have enough espace disk.

 

Regards,

Dror_Aharony
Employee Alumnus
Employee Alumnus
‎2019-07-03 01:30 AM
In response to chico
Jump to solution

Hi chico,

to Index older log-files up-to 90 days, you look to have configured it properly, assuming you restarted the Indexer (stopIndexer; startIndexer or evstop;evstart).

You definitely have enough space to avoid the 'emergency' min maintenance, more than 15% of Logs=/var/log/ partition (if I see it properly on your pic)?

 

if still doesn't work, Email me with output of:

$RTDIR/scripts/doctor-log.sh

 

 

Dror Aharony (drora@checkpoint.com)

0 Kudos
chico
Contributor
‎2019-07-04 04:36 AM
In response to Dror_Aharony
Jump to solution

Hello Dror Aharony,

Thank you for your reply, I'm just restarted the indexer service but nothing changed. I find an another SK for run SmartEvent Offline Jobs for multiple logs "sk98894" but I don't understand the difference with the SK sk111766.

I send you the result from the doctor-log.sh

Thank you a lot for your feedback

 

Miguel

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    li.common.scroll-to.top