This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Hllrdm
Contributor
‎2022-08-05 12:57 AM

Optimizing HD space usage on the management server

We have a problem that there are many Security Gateways connected to the management server and the logs on the management server are only stored for 3 days.
We would like the logs to be stored for at least 14 days.
We are using MDS solution, MDS server is configured with settings (screen).
We have 300 Gb of space available on the server of interest.
How can we currently optimize log storage on the management server and increase log storage time? Or can we do it only if we buy a new Check Point server?
How do we calculate the number of logs that come to the management server per day (I am interested in the Gb figure) and for each of the Security Gateways.

Log1.jpg

According to the SmartConsole (File - Open Log Files...), we see 22-23 files of 2 Gb per day. The average is 40-45 Gb per day.

How can you find out where the rest of the space goes? And how do we optimize it? Do I understand correctly that the logs are stored in /var/log/?

0 Kudos
8 Replies
G_W_Albrecht
MVP Silver
MVP Silver
‎2022-08-05 01:10 AM

You mean HD space, not memory, i guess ! See https://www.checkpoint.com/downloads/products/smart-1-security-management-platform-datasheet.pdf for such estimates according to the number of GWs.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Hllrdm
Contributor
‎2022-08-05 01:21 AM
In response to G_W_Albrecht

Yes, we are talking about HD space. But as I write above, that in (File - Open Log Files...) there is information only for 22-23 files of 2 gb per day, that is, we get 40-45 Gb per day. Where does the remaining memory go if we have 1.8TB of memory on the management server. Maybe we need to configure additional settings to keep logs longer? Or do we need to clean up the space?
It seems to me that we have some settings that are not configured correctly and we need additional configuration either on the MDS or the management server to keep the logs longer and localize unnecessary logs.

Log settings.jpg

0 Kudos
Hllrdm
Contributor
‎2022-08-05 01:40 AM
In response to Hllrdm

UPD: 

My assumption is correct, I see that the logs on the management server are stored logs 40 GB per day.
But /var/log/ is loaded up to 1.5 GB, and we see logs for 3 days.
What do we need to configure additionally to solve the space load problem and allow the logs to be stored for a longer period of time.

Logs_Investigator.jpg

 

0 Kudos
Kaspars_Zibarts
MVP Gold CHKP MVP Gold CHKP
MVP Gold CHKP
‎2022-08-05 07:10 AM
In response to Hllrdm

You can always start by checking largest directories in order to find out whats filling them. Might be backups or snapshot exports

du -k /var/log/ -b | sort -n

image.png

 

G_W_Albrecht
MVP Silver
MVP Silver
‎2022-08-05 01:48 AM
In response to Hllrdm

This screenshot shows that Logs Retention is currently configured as According to Multi-Domain settings. Select Override Multi-Domain settings and configure your numbers.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
G_W_Albrecht
MVP Silver
MVP Silver
‎2022-08-05 01:49 AM

In the screenshot, no Daily Logs Retention configuration is set.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Hllrdm
Contributor
‎2022-08-05 01:51 AM
In response to G_W_Albrecht

In that case, will the upstream server obey its local settings?
Can you please tell me how to correctly free the memory of /var/log/? I understand correctly that the logs are stored in /var/log/, right?
If my reasoning is correct, then /var/log/ stores all sorts of unnecessary files. And if we enable data storage settings and indexing them, we need to have free space in /var/log/.

0 Kudos
Chris_Atkinson
MVP Platinum CHKP MVP Platinum CHKP
MVP Platinum CHKP
‎2022-08-05 06:43 AM
In response to Hllrdm

For those reading at home the discussion was continued in a duplicate thread here:

https://community.checkpoint.com/t5/Management/How-to-know-the-amount-of-memory-allocated-to-the-log...

CCSM R77/R80/ELITE
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events