This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
S_E_
Advisor
‎2021-04-13 12:00 AM

disc management

Jump to solution

Hi

just reviewing disc management on a MDS R80.40.
What is the best practice to do housekeeping in terms of fw logs to avoid disk full scenarios.
e.g. If you want to keep log files / audit log files for a period of time. Ideally adjustable per domain(CMA).

Logs/Advanced settings is only available for gateways, correct?

Or is creating cleanup scripts with cron jobs the way to go.

Regards

0 Kudos
1 Solution

Accepted Solutions
JozkoMrkvicka
Leader
Leader
‎2021-04-13 08:06 AM
In response to S_E_

Jump to solution

You need to take care about log files (.fwlog files), but ALSO indexed logs.

In case of MDS, you dont have possibility to set treshold in SmartConsole like you want for specific domain. You need script to delete logs for specific domain ( /var/log/mds_logs/<domain_name>/logs/ ).

In case of index files, see 
How to configure log/Indexes maintenance policy for Global SmartEvent and MDS

Kind regards,
Jozko Mrkvicka

View solution in original post

7 Replies
G_W_Albrecht
Legend
Legend
‎2021-04-13 12:44 AM

Jump to solution

See  sk98126: Best Practices - Configuration of logging from Security Gateway to Security Management Ser...

 

CCSE CCTE SMB Specialist
0 Kudos
S_E_
Advisor
‎2021-04-13 01:01 AM
In response to G_W_Albrecht

Jump to solution

Yes, thanks, this is more related to gateways.

Couldn't see any disc quota stuff for management.

Regards

0 Kudos
G_W_Albrecht
Legend
Legend
‎2021-04-13 01:16 AM
In response to S_E_

Jump to solution

logsms.png

CCSE CCTE SMB Specialist
0 Kudos
S_E_
Advisor
‎2021-04-13 01:27 AM
In response to G_W_Albrecht

Jump to solution

Hi

The request was to keep logs for a certain amount of time. How does this setting differentiate certain domains and time?

Something like [] delete logs older than 90 days / domain1...

Thanks

Regards

0 Kudos
JozkoMrkvicka
Leader
Leader
‎2021-04-13 08:06 AM
In response to S_E_

Jump to solution

You need to take care about log files (.fwlog files), but ALSO indexed logs.

In case of MDS, you dont have possibility to set treshold in SmartConsole like you want for specific domain. You need script to delete logs for specific domain ( /var/log/mds_logs/<domain_name>/logs/ ).

In case of index files, see 
How to configure log/Indexes maintenance policy for Global SmartEvent and MDS

Kind regards,
Jozko Mrkvicka
G_W_Albrecht
Legend
Legend
‎2021-04-13 08:51 AM
In response to JozkoMrkvicka

Jump to solution

This sk is the solution i think - it explain all log and index size settings for MDS.

CCSE CCTE SMB Specialist
0 Kudos
S_E_
Advisor
‎2021-04-13 11:06 PM
In response to JozkoMrkvicka

Jump to solution

hi,

ok, this helps (sk117317).

sk123532 log_keep_on_days and log_keep_days_value are no longer supported.

The disc size approach does not help due to the fact it is shared across all domains with different amount of logs.

I will try to create scripts.

Thanks a lot

Regards

 

 

0 Kudos