Hej Tomer - as I mentioned, my problem is "manual" the handling. I'd rather see option to say save only last 20 revisions (or no revisions at all). Manual purge seems very old-school approach, who has time for manual tasks these days 

Also the fact it is failing now and there is no information available how to troubleshoot it (where are more detailed logs, what processes etc). I really dislike raising SRs that just says "it does not work", I'd rather send in some useful information that we have checked this and that before whinging

You are raising 2 things

- why is purge revisions manual: understood, and planned for our next releases. May I ask how many Management revisions do you have at the moment? Also, the IPS revisions purge, which might have larger impact on a Management Server size, is automatic. How can I control the size of my R80.10 Security Management Server? 

- Bug in purge which results in your inability to control the size of your security management server - SR is the way to go. Check Point Support should be able to investigate the root cause and prevent this from happening to others as well. I suppose export of the logs at $MDS_FWDIR/log/*.* should be enough for this case, but they may still ask for larger files. I agree with you - SR's are not fun, we definitely aim to give more self-help tools to our customers, but at the moment this issue seems to be unique at your end. 

We 150+ revisions since last March there. That's visible on MDS level. Then on busy CMA it's 1000+. And then it's nearly 20 CMAs..

Regarding IPS we should be OK as we have take 42.

SR on it's way  thanks for looking into it

also, there's this one https://community.checkpoint.com/thread/5064-r8010-architecture-overview 

Already liked and downloaded Tomer!

I was just pulling your leg of course since your book comes up in every second post Tim (I bought it! )  but I would be really grateful if you could share some info! Still lot to learn with R80.. 

Sounds like an opportunity for another book for you!

It is there

From audit point of view, it would be better to choose "sessions-older-than-days" ... Simply say that delete all sessions older than XY days. For example delete all session older than 3 months.

I know that it can be done using "date" and after that "preserve-to-date" argument ... just an idea how to tune this command

And the argument to be used at the moment for "preserve-to-date" will be the output of following:

date --iso-8601=seconds -d "-3 months"

It will print date exactly 3 months ago in ISO 8601 format.

Hi all,

I'm Ran and I'm a manger in the R&D of Check Point, responsible for I/S in the Management Server, specifically Revisions.

I would like to raise the awareness again to the above API.

It is available since version R80.20 GA and can be used easily to implement a scheduled automatic Purge in your environment.

Note that it is important to use Purge once in a while, to keep your Management size small, both for better disk space usage and better general performance of the Management.

Hi all,

I'm happy to update that we are in the last phase of developing a new "automatic purge" API.
Our target is to include it in one of the next Jumbo HFs for versions R80.20 , R80.30 and R80.40.

If any of you would like to deploy and use it before it is officially released, please send me an email with your environment details, specifically which version you are using and we will prepare this private HF on top of it for you.

Thanks,
Ran

Hi,

For start the feature will available from the API only. (no GUI) 

Thanks,
Ran 

I see this new ability was just added to jumbo 217 for 80.30. How is this accomplished based on user configuration?

I saw the new API allows this, I guess there should be a conf file as well.

But please be aware that you can purge away, but 'object deletes' from revision sessions are not deleted.

Please see sk166555 which is still not integrated in JHF.

It took us a while to find this, and we were happy to lose the 250.000 stale entries in the db....

/Henrik