fiq_c
Explorer

Delete Logs

We are planning to upgrade our Checkpoint devices to R81.10.

According to the R81.10 Release Notes, it requires 20 GB of free disk space in the root partition and 10 GB in the /var/log partition.

 

I found that our device doesn't have 10 GB of free disk space in the /var/log partition:

2022-08-03_115350.jpg

I found a folder that consumes 45 GB in /var/log/opt/CPsuite-R77/fw1/log/:

2022-08-03_115946.jpg

There are a lot of old log files:

2022-08-03_133545.jpg

The existing version of the device is R80.10.

 

My question:

1. Is it safe to delete the log files with the extensions .log, logptr, logaccount_ptr and loginitial_ptr?

2. If I delete with a command such as "rm 2019-08-23_002241_534.log", is that the correct way?

3. Is there any negative impact on the device if I delete them?

 

I have been searching but have not found an article (SK) about the procedure to delete the files.

I'm quite new to the CP world, please advise.

 

Thanks.

9 Replies
_Val_
Admin

Hi, there are quite a few discussions about this topic you can find in the community, and I believe your answers are all there.

 

Please start here: https://community.checkpoint.com/t5/Management/Howto-automatic-remove-log-entries-older-then-x-days-... and then let me know if you need any further assistance. 

0 Kudos
Tobias_Moritz
Advisor

Val, I think the key point here is that this box is currently running R80.10 (yes, out of support) and these logs are in the path /var/log/opt/CPsuite-R77/fw1/log/.

It looks like they are leftovers from an old in-place upgrade from R77 to R80.

I would say it's safe to manually delete them. Any other options?

0 Kudos
_Val_
Admin

If they do not need those logs, then yes. It is hard to make a general recommendation here, without additional info. Do they need to keep the logs? What is the log rotation policy and audit requirements? I do not know.

If they feel they do not need those logs, sure, they all can be deleted. 

However, considering the main goal here is upgrading to R81.10, and knowing it cannot be done in a single shot from R80.10, I would suggest not an upgrade in place, but an advanced upgrade. They do want to benefit from the new file system with the 3.10 kernel, so I would suggest an advanced upgrade with reimaging or even moving to new HW.

0 Kudos
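
Before removing anything from the leftover directory discussed above, a dry-run inventory shows how many rotated files exist and how much space they hold. This is an added example, not part of the original thread or of Check Point tooling; the function names, the 365-day threshold and the sample files are constructed, and skipping `fw.*` is a conservative assumption.

```shell
#!/bin/sh
# Added example: dry-run inventory of rotated log files. It deletes nothing.

# list_old_logs DIR DAYS
# Print rotated log files (the four extensions named in the thread) in DIR
# whose mtime is more than DAYS days old. Files named fw.* are skipped as a
# conservative assumption, so an active log set is never listed.
list_old_logs() {
    find "$1" -maxdepth 1 -type f -mtime +"$2" \
        \( -name '*.log' -o -name '*.logptr' \
           -o -name '*.logaccount_ptr' -o -name '*.loginitial_ptr' \) \
        ! -name 'fw.*' | sort
}

# old_log_bytes DIR DAYS
# Print the total size in bytes of the files list_old_logs would report.
old_log_bytes() {
    list_old_logs "$1" "$2" |
        while IFS= read -r f; do wc -c < "$f"; done |
        awk '{ s += $1 } END { print s + 0 }'
}

# make_sample_dir: build a constructed directory (not real Check Point data).
make_sample_dir() {
    d=$(mktemp -d)
    for ext in log logptr logaccount_ptr loginitial_ptr; do
        printf '0123456789' > "$d/2019-08-23_002241_534.$ext"  # 10 bytes, old
        printf 'live' > "$d/fw.$ext"                            # old, but fw.*
        touch -t 201908230022 "$d/2019-08-23_002241_534.$ext" "$d/fw.$ext"
    done
    printf 'other' > "$d/notes.txt"         # old, but not a log extension
    touch -t 201908230022 "$d/notes.txt"
    printf 'new' > "$d/recent_rotation.log" # log extension, but modified now
    echo "$d"
}

sample=$(make_sample_dir)
echo "candidates: $(list_old_logs "$sample" 365 | wc -l)"
echo "reclaimable bytes: $(old_log_bytes "$sample" 365)"
rm -rf "$sample"
```

On an appliance the same functions can be pointed at the directory from the thread, for instance `list_old_logs /var/log/opt/CPsuite-R77/fw1/log 365`, and the resulting list checked against retention and audit requirements before any file is removed.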
fiq_c
Explorer

Hi Val and Tobias.
Thanks for responding to this post.

We don't need to keep the logs; our concern is whether deleting the logs has any negative impact on the device, such as the device crashing, etc.

Today I finally found the document that explains how to delete the logs.
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

So it is safe to delete the logs.

FYI, our management server version is R80.30 kernel 3.10 and there are some gateway clusters still using version R80.10 that don't have 10 GB of free disk space in the /var/log partition, as I explained in my previous post.

From the R81.10 Release Notes:

2022-08-04_161158.jpg

I can upgrade management server R80.30 kernel 3.10 to R81.10 directly and cluster gateway version R80.10 to 81.10 directly, CMIIW.

Thanks.

0 Kudos
_Val_
Admin

Please note, @fiq_c , the SK you linked above is for old and unsupported Gaia versions, R77.30 and below. It cannot be directly applied to your case. 

That said, I am glad your issue is resolved and you can move on with the upgrade.

0 Kudos
scenarist
Contributor

Hello guys

 I would like to free up space in path /dev/mapper/vg_splat-lv_log 

171.png

and I want to ask: may I delete the logs in these three folders to free up space? I am using CPSuiteR81.10 and I don't need these logs from old versions.

170.png

Also, I am a little bit confused about the Gaia snapshot. From which partition will the snapshot require 20 GB of free space?

173.png

 

 

 

0 Kudos
Lesley
Leader

For question about snapshot:

Gaia and Check Point Appliances running SecurePlatform store all snapshots as Logical Volume Management (LVM) volumes.

Note: On Gaia OS, snapshots are not files, but disk volumes that are stored as a disk partition, therefore the directory name is not relevant here. It is possible to view list of virtual drives by running the "lvs" command (in the Expert mode).

For the question about cleaning up disk space, I would not remove files by hand; it should normally not be needed.

Instead, try to investigate why the mgmt is not clearing up log files soon enough; maybe tweak those settings so you have a bit more space left in /var/log.

Follow this SK for this: https://support.checkpoint.com/results/sk/sk98126

-------
If you like this post please give a thumbs up(kudo)! 🙂
(1)
scenarist
Contributor

Thank you very much for the great explanation and guidelines. I would like to mention that I am a little more than a beginner with CP, but I am trying to catch up on all the specifics about it.

Anyway, mgmt server > state of my disks is:

182.png

I changed option "Keep log files for an extra" from 240 to 200 days.

I hope that it will free up space on the file system /dev/mapper/vg_splat-lv_log 619G 590G 4.2G 100% /var/log, and after that I hope that I will be able to make a snapshot via the Gaia portal.

185.png

Besides that, I would like to ask for some guidelines on how to expand the root partition, or on which volume I need to increase space. (My CP mgmt server is a VM in VMware vCenter and I have already increased space on all physical disks through vSphere, but what are the next steps I have to do?)

026.png

I drew a block diagram of the LVM of the CP mgmt:

201.png

0 Kudos
Stadtverwaltung
Explorer

We ran into the same issue. /dev/mapper/vg_splat-lv_log is 99% in use.

I set the "When disk space is below" parameter from 5GB to 90GB. After that the CP began to clean up the log directory of the current FW, but the old FW directories stay at ~140GB.

Any recommendations?

0 Kudos
