This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
ESpataro
Contributor
‎2022-11-08 02:59 AM
Jump to solution

Disk Space issues on Gateway

I am trying to clear some disk space on one of our Gateways as teh Var/log area is 88% used.

 

However I am unsure on which files can be safely deleted , below is an output showing the directories which seem to be taking up space and they seem to older versions of checkpoint. These may be old files from previous upgrades but I am not sure

 

any help appreciated 

 

Expert@xxxx-xxx:0]# du -h --max-depth=1 /var/log/opt | sort -n -r
832K    /var/log/opt/CPcvpn-R80.30
665M    /var/log/opt/CPsuite-R80.20
380K    /var/log/opt/CPcvpn-R80.20
192K    /var/log/opt/CPshrd-R80
112M    /var/log/opt/CPsuite-R80
20G     /var/log/opt
8.8G    /var/log/opt/CPsuite-R80.30
7.1M    /var/log/opt/CPshrd-R80.30
5.2M    /var/log/opt/CPshrd-R80.20
5.1G    /var/log/opt/CPshrd-R80.40
2.2M    /var/log/opt/CPcvpn-R81.10
2.1G    /var/log/opt/CPsuite-R80.40
1.8G    /var/log/opt/CPshrd-R81.10
1.5M    /var/log/opt/CPcvpn-R80.40
1.5G    /var/log/opt/CPsuite-R81.10

0 Kudos
1 Solution

Accepted Solutions
G_W_Albrecht
Legend
Legend
‎2022-11-09 06:56 AM
In response to the_rock
Jump to solution

CP special tipp:

I would suggest to run the following command as well:

find / -type f -size +100000 -exec ls -lh {} \; 2> /dev/null | awk '{ print $NF ": " $5 }' | sort -nk 2,2

This will display all files greater than 10MB and sort them in a readable and understandable way.

CCSE CCTE CCSM SMB Specialist

View solution in original post

11 Replies
PhoneBoy
Admin
Admin
‎2022-11-08 05:36 AM
Jump to solution

Deleting any of the directories is not recommended.
Might try something like the following: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

ESpataro
Contributor
‎2022-11-08 05:41 AM
In response to PhoneBoy
Jump to solution

Thanks , I have seen this sk article , but I have been told that this script is not compatible with R81.10 unfortunately 

0 Kudos
the_rock
Legend
Legend
‎2022-11-08 06:53 AM
Jump to solution

I always do something like this. First, run df -h and see what dir is the "fullest". Then, say it shows its /var/log at, for argument sake, at 90% capacity, do something like this:

find /var/log -size +500000000c 

That will look for ANY files bigger than 500 MB in /var/log. You can apply same method for any dir and any file size.

Andy

 

ESpataro
Contributor
‎2022-11-08 07:51 AM
In response to the_rock
Jump to solution

Thanks Andy , the issue I have though knowing which files can be safely deleted , as you can see from my output above , for example

 

8.8G    /var/log/opt/CPsuite-R80.30 - this directory is taking up 8.8G
within these directories I am not sure which files are safe to delete

0 Kudos
the_rock
Legend
Legend
‎2022-11-08 08:14 AM
In response to ESpataro
Jump to solution

Ok, got it...can you run find command on that dir? So say find /var/log/opt/CPsuite-R80.30 -size +500000000c

Andy

ESpataro
Contributor
‎2022-11-09 12:46 AM
In response to the_rock
Jump to solution

This what I get from that output 

[Expert@xxxx-xxx:0]# find /var/log/opt/CPsuite-R80.30 -size +500000000c
/var/log/opt/CPsuite-R80.30/fw1/log/2020-09-05_000000.log
/var/log/opt/CPsuite-R80.30/fw1/log/2020-09-04_000000.log
/var/log/opt/CPsuite-R80.30/fw1/log/2021-02-01_000000.log
/var/log/opt/CPsuite-R80.30/fw1/log/2020-08-16_000000.log
/var/log/opt/CPsuite-R80.30/fw1/log/2020-08-17_000000.log

0 Kudos
ESpataro
Contributor
‎2022-11-09 03:13 AM
In response to ESpataro
Jump to solution

Is it safe to delete the above files ?

0 Kudos
the_rock
Legend
Legend
‎2022-11-09 06:25 AM
In response to ESpataro
Jump to solution

Its from 2021 and 2020, Covid years my friend : - ). I think safe to delete.

G_W_Albrecht
Legend
Legend
‎2022-11-09 06:56 AM
In response to the_rock
Jump to solution

CP special tipp:

I would suggest to run the following command as well:

find / -type f -size +100000 -exec ls -lh {} \; 2> /dev/null | awk '{ print $NF ": " $5 }' | sort -nk 2,2

This will display all files greater than 10MB and sort them in a readable and understandable way.

CCSE CCTE CCSM SMB Specialist
Hugo_vd_Kooij
Advisor
‎2022-11-10 10:59 PM
Jump to solution

I find that cpview tends to leave about large files. Yesterday I was upgrading a cluster of 3100 appliances and /var/log was filled at 81%

In /var/log/opt/CPshrd-R80.40 there was a bunch of 5 large ond cpview_xxxxxxxxx.dat files. and getting rid of them lowered disk usage in /var./log to 31%

As far as old logs go if your gateway is supposed to send them of to the SmartCenter then any set of log files indicate connectivity iissues where the gateway is unable to send logs to the SmartCenter. If that happens a lot you need to investigate why this happens. As a normal safeguard you should  configure logging to forwar live logging but aalso roud up the logs once a day in case stuff gets left behind.

There is a bunch of notes that I must put infto some best practises documents some day. Propably also put it into a nice Ansible playbook as a lot of cleaning up can be automated in my view.

(Just don't hold you breath on it. It's on a too long to-do list.)

<< We make miracles happen while you wait. The impossible jobs take just a wee bit longer. >>