Supporto_Checkp
Collaborator

import old log and reindex them on MDS 81.10

Hi

I have to import two months of logs (2021-07 and 2021-08) from our log server (a Linux machine where we move old logs).

These logs are related to a specific CMA, call it CMANAME.

I've done an scp from the server to my MDS-HA into /var/log/mds_log/CMANAME/log/

and from SmartConsole, if I try to open a single file, I can correctly see it and read it.

I need to reindex them because I need to do some reports, and looking at every single file is not a solution (we have almost 30GB/day).

I prefer to use the MDS-HA because my primary MDS does not have enough space at the moment.

My log/index retention policy is 60 days for index, 500 for log.

I wish to reindex only the two months that I'm looking for.
0 Kudos
2 Replies
Amir_Senn
Employee

I only know of a way to index logs up to a number of days and not specific dates, but maybe we can fool it for a while.

1. If you want the logs to be indexed on the MDS-HA, you'll need to put them in the appropriate directory in the CMA on the MDS-HA in the same domain. All CMAs, from the primary and secondary MDS, function as log servers as well, so where the logs are indexed depends only on where they are located.

2. Since you keep indexes for 60 days, older logs would be indexed if we try to include the logs you want to index in the range. I think that you can move those log files to another folder temporarily so it won't index them as well.

3. Follow the SK for indexing older files - https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

Be sure to disable retention for index files, otherwise it will delete them.

4. After it has indexed them, you can follow the steps in the SK to return the number of days to index to the default value and put the log files back.

I think this should give you the desired outcome.

Kind regards, Amir Senn
Supporto_Checkp
Collaborator

thx Amir, it's too long to proceed in this way.

I've done a script with fwm logexport to obtain a single .csv with the entry I was looking for and then I worked on it in Excel.

0 Kudos
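A sketch of the `fwm logexport` approach described in the last reply, as an added example that is not the poster's script: it picks the rotated log files for the requested months and exports each one to its own CSV. Assumptions: rotated files are named `YYYY-MM-DD_HHMMSS.log`, the script runs on the MDS after `mdsenv CMANAME`, and `OUT_DIR` is a hypothetical output directory; filtering for specific entries is not shown.

```bash
#!/bin/bash
# Added example (not the poster's script): export chosen months of logs to CSV.
# Assumption: rotated logs are named YYYY-MM-DD_HHMMSS.log.
# Assumption: run on the MDS after `mdsenv CMANAME`, so fwm uses that domain.

LOG_DIR="${LOG_DIR:-/var/log/mds_log/CMANAME/log}"  # directory from the post
OUT_DIR="${OUT_DIR:-/var/tmp/log_csv}"              # hypothetical output dir

# Print the log files in directory $1 that belong to the given YYYY-MM months.
select_logs() {
    local dir="$1" month f
    shift
    # Validate every month first so a typo cannot widen the glob below.
    for month in "$@"; do
        case "$month" in
            [0-9][0-9][0-9][0-9]-[0-9][0-9]) ;;
            *) echo "bad month: $month" >&2; return 2 ;;
        esac
    done
    for month in "$@"; do
        for f in "$dir"/"$month"-*.log; do
            [ -f "$f" ] && printf '%s\n' "$f"
        done
    done
    return 0
}

# Export each selected file in $1 to $2/<name>.csv; remaining args are months.
export_logs() {
    local dir="$1" out="$2" files f csv
    shift 2
    files=$(select_logs "$dir" "$@") || return $?
    mkdir -p "$out" || return 1
    printf '%s\n' "$files" | while IFS= read -r f; do
        [ -n "$f" ] || continue
        csv="$out/$(basename "$f" .log).csv"
        [ -s "$csv" ] && continue      # already exported: makes re-runs cheap
        # -n: no DNS resolution, -p: no service (port) resolution
        fwm logexport -i "$f" -o "$csv" -n -p || echo "export failed: $f" >&2
    done
}

# Only export when asked to, e.g.: ./export_months.sh --run 2021-07 2021-08
if [ "${1:-}" = "--run" ]; then
    shift
    export_logs "$LOG_DIR" "$OUT_DIR" "$@"
fi
```

The CSV output needs its own free disk space on whichever server runs the export.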
