We have a problem that there are many Security Gateways connected to the management server and the logs on the management server are only stored for 3 days.
We would like the logs to be stored for at least 14 days.
We are using MDS solution, MDS server is configured with settings (screen).
We have 300 Gb of space available on the server of interest.
How can we currently optimize log storage on the management server and increase log storage time? Or can we do it only if we buy a new Check Point server?
How do we calculate the number of logs that come to the management server per day (I am interested in the Gb figure) and for each of the Security Gateways.
According to the SmartConsole (File - Open Log Files...), we see 22-23 files of 2 Gb per day. The average is 40-45 Gb per day.
How can you find out where the rest of the space goes? And how do we optimize it? Do I understand correctly that the logs are stored in /var/log/?
Yes, we are talking about HD space. But as I write above, that in (File - Open Log Files...) there is information only for 22-23 files of 2 gb per day, that is, we get 40-45 Gb per day. Where does the remaining memory go if we have 1.8TB of memory on the management server. Maybe we need to configure additional settings to keep logs longer? Or do we need to clean up the space?
It seems to me that we have some settings that are not configured correctly and we need additional configuration either on the MDS or the management server to keep the logs longer and localize unnecessary logs.
UPD:
My assumption is correct, I see that the logs on the management server are stored logs 40 GB per day.
But /var/log/ is loaded up to 1.5 GB, and we see logs for 3 days.
What do we need to configure additionally to solve the space load problem and allow the logs to be stored for a longer period of time.
You can always start by checking largest directories in order to find out whats filling them. Might be backups or snapshot exports
du -k /var/log/ -b | sort -n
| User | Count |
|---|---|
| 5 | |
| 5 | |
| 4 | |
| 3 | |
| 3 | |
| 3 | |
| 3 | |
| 2 | |
| 1 | |
| 1 |
Mon 25 Nov 2024 @ 02:00 PM (EST)
(Americas) AI Series Part 3: Maximizing AI to Drive Growth and EfficiencyTue 26 Nov 2024 @ 10:00 AM (CET)
EMEA Session: Automated Collaborative Prevention with 3rd Party Endpoint SolutionsTue 26 Nov 2024 @ 03:00 PM (CET)
Navigating NIS2: Practical Steps for Aligning Security and ComplianceTue 26 Nov 2024 @ 05:00 PM (CET)
Discover the Future of Cyber Security: What’s New in Check Point’s Quantum R82Tue 03 Dec 2024 @ 10:00 AM (GMT)
UK Community CNAPP Training Day 1: Cloud Risk Management WorkshopTue 03 Dec 2024 @ 05:00 PM (CET)
Americas CM Session: Automated Collaborative Prevention with 3rd Party Endpoint SolutionsMon 25 Nov 2024 @ 02:00 PM (EST)
(Americas) AI Series Part 3: Maximizing AI to Drive Growth and EfficiencyTue 26 Nov 2024 @ 10:00 AM (CET)
EMEA Session: Automated Collaborative Prevention with 3rd Party Endpoint SolutionsTue 26 Nov 2024 @ 03:00 PM (CET)
Navigating NIS2: Practical Steps for Aligning Security and ComplianceTue 26 Nov 2024 @ 05:00 PM (CET)
Discover the Future of Cyber Security: What’s New in Check Point’s Quantum R82Tue 03 Dec 2024 @ 05:00 PM (CET)
Americas CM Session: Automated Collaborative Prevention with 3rd Party Endpoint SolutionsTue 03 Dec 2024 @ 10:00 AM (GMT)
UK Community CNAPP Training Day 1: Cloud Risk Management WorkshopWed 04 Dec 2024 @ 10:00 AM (GMT)
UK Community CNAPP Training Day 2: Cloud Risk Management Workshop
