Are you a member of CheckMates?
×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Do you have SmartLog enabled? If so, did you also configure the log server to purge indexes as well as logs?
Those index files will get very unruly if they aren't purged along with the logs!
Yes, SmartLog is enabled and the Index is set to delete at 14 days. We did the start/stop command as well. Are these settings on the manager or logs server itself?
Thanks for the help!
In your case, it should be set on the log server. In the bottom left of SmartLog, there should be a gauge that shows your disk usage. If you hover over it, you should get more detail.
What do you see consuming the majority of your space? Log Indexes would be the actual index files for SmartLog. I've found that typically "Other" constitutes the traditional flat log files that SmartView Tracker uses. Checking this may at least give you a better handle of where your space is going.
If you see Other consuming more space than you're expecting, I would make sure your cleanup script actually cleaned up the old files going back in time instead of just moving forward.
You can check $FWDIR/log to see what's sitting around in there:
If there are lots of old flat file logs still sitting there, maybe try removing some and see if that helps improve your log index retention by relieving some disk space? Usually, I just use the rm command with some wildcard to do small blocks at a time.
