This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
rozkie20
Participant
2 weeks ago

Log Retention Limitation on Check Point 2000 Cluster (Locally Managed)

Hi Everyone,

We are currently using a Check Point Cluster 2000 appliance in locally managed mode. Recently, we have observed that the system is only retaining approximately 22,000 logs, which is significantly lower than expected.

Previously, we were able to store up to 20 million logs without any issue. We're unsure why the log retention capacity has suddenly decreased.

Has anyone experienced a similar issue? Any insights or suggestions would be greatly appreciated.

Thank you in advance.

Preview file
60 KB
Preview file
33 KB
Preview file
51 KB
0 Kudos
7 Replies
G_W_Albrecht
Legend Legend
Legend
2 weeks ago

Did you perform any changes, e.g. firmware update ? How is this configured:

Screenshot 2025-06-23 102145.png

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
rozkie20
Participant
2 weeks ago
In response to G_W_Albrecht

Hi Albrecht,

in the last, we upgraded to 81.10.17. 

I also try with configure Litmit the number of logs to search to 20 milliions but it still limit by 22000 and nothing change. with peer member in the cluster we change to 20 millions and we see it have 19 millions logs and this gateway is limited. I do not know the reason why?

 

0 Kudos
G_W_Albrecht
Legend Legend
Legend
2 weeks ago
In response to rozkie20

So the limitation appeared after upgrade to 81.10.17. ? Did you try to revert to the former version ?

 

What if you uncheck the Limit the number.. setting ? Then it should be unlimited...

With same firmware version on both nodes all should be OK. I just wonder why you differentiate between active and standby member - usually, you only connect to the VIP (that is the active node) and only do configuration changes there, as the standby will sync it automatically.

I would suggest to contact CP TAC to get behind this!

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Chris_Atkinson
Employee Employee
Employee
2 weeks ago
In response to rozkie20

Please raise the issue with TAC for investigation, if there is a limit imposed for 1500 series devices for instance it shouldn't apply to 2000 series devices with additional storage for mind. 

CCSM R77/R80/ELITE
0 Kudos
ohadp
Employee
Employee
2 weeks ago

Did you check Extended Monitoring via the Infinity Portal?
It’s much better, with many more capabilities.

https://sc1.checkpoint.com/documents/SMB_R81.10.X/AdminGuides_Locally_Managed/EN/Content/Topics/Exte...

https://www.youtube.com/watch?v=q-7YxwIBMXo 

 

0 Kudos
Chris_Atkinson
Employee Employee
Employee
2 weeks ago

Is this unit R81.10.17 firmware and did someone install an SD card or stop local logging by chance?

https://sc1.checkpoint.com/documents/SMB_R81.10.X/AdminGuides_Locally_Managed/EN/Content/Topics/View...

CCSM R77/R80/ELITE
0 Kudos
rozkie20
Participant
2 weeks ago
In response to Chris_Atkinson

Exactly, we using firmware version R81.10.17, which was recommended by TAC.

So we have not made any recent configuration changes, but we’ve noticed that the system is now limiting log retention to approximately 22,000 entries. Older logs appear to be automatically deleted, even though we previously observed the system storing up to 20 million logs

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events