This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Filip_Wennerhul
Participant
‎2019-04-18 01:32 AM
Jump to solution

Filling var/log space due /opt/CPsuite-R80/fw1/tmp/dlp

Hi, anyone had an issue with not /var/log/opt/CPsuite-R80/fw1/CTX/CTX00001/tmp/dlp not being cleaned.

 

The customer are running MTA and Sandblast remote emulation and this is filling up on the gateway. No sandblast agent. There is this sk117634

This is an improved script that probably will help but i would like to know why the orignal script is failing. How long does it take between cleaning the directory (1 month or longer?). Can i see some logs regarding the execution of this script, if its failing to execute?

 

 

I found this script teCleanupOldFiles.elg

 

Thu Apr 18 10:17:32 CEST 2019: FINISHED cleanup on directory /opt/CPsuite-R80/fw1/CTX/CTX00001/tmp/te_files/ ...
Thu Apr 18 10:17:32 CEST 2019: Above threshold (27%) - Aggressive mode not required
Thu Apr 18 10:17:32 CEST 2019: Aquired lock, calling cleanupDirectory /tmp/ 4320 0 /tmp/(\{[A-F0-9]{8}-([A-F0-9]{4}-){3}[A-F0-9]{12}\}-?)+[a-f0-9]{8}-([a-f0-9]{4}-){3}[a-f0-9]{12}\.tar\.gz
Thu Apr 18 10:17:32 CEST 2019: FINISHED cleanup on directory /opt/CPsuite-R80/fw1/CTX/CTX00001/tmp/te/te_tmp_files/ ...
Thu Apr 18 10:17:32 CEST 2019: cleanupDirectory _filesPattern is /tmp/(\{[A-F0-9]{8}-([A-F0-9]{4}-){3}[A-F0-9]{12}\}-?)+[a-f0-9]{8}-([a-f0-9]{4}-){3}[a-f0-9]{12}\.tar\.gz
Thu Apr 18 10:17:32 CEST 2019: STARTING cleanup...
Thu Apr 18 10:17:32 CEST 2019: Above threshold (27%) - Aggressive mode not required
Thu Apr 18 10:17:32 CEST 2019: running command: find /tmp/ -mindepth 1 -maxdepth 1 -cmin +4320 -print | grep -P "/tmp/(\{[A-F0-9]{8}-([A-F0-9]{4}-){3}[A-F0-9]{12}\}-?)+[a-f0-9]{8}-([a-f0-9]{4}-){3}[a-f0-9]{12}\.tar\.gz" | xargs -d '\n' rm -rf
Thu Apr 18 10:17:32 CEST 2019: Try acquire lock, on directory /var/log/py/jail/raw_files
Thu Apr 18 10:17:32 CEST 2019: FINISHED cleanup on directory /var/log/mal_files/ ...
Thu Apr 18 10:17:32 CEST 2019: Aquired lock, calling cleanupDirectory /var/log/py/jail/raw_files 1440 0
Thu Apr 18 10:17:32 CEST 2019: cleanupDirectory _filesPattern is
Thu Apr 18 10:17:32 CEST 2019: Above threshold (16%) - Aggressive mode not required
Thu Apr 18 10:17:32 CEST 2019: FINISHED cleanup on directory /tmp/ ...

 

 

but this does not seem to include this directory.

 

Can anyone help me find out why the original script is failing. This started happen recently without  any noticable change.

 

regards

0 Kudos
1 Solution

Accepted Solutions
G_W_Albrecht
MVP Silver
MVP Silver
‎2019-04-18 06:18 AM
Jump to solution

sk117634 is only one sk about such issues:

But what i do not understand is why you would like to know why the orignal script is failing. I am sure there is a reason, some people will even call it a bug, but for me it is most valuable to get a solution to the customers issue. An explanation may be fine, but how could it help you in this case ?

In sk117634, we read: There is a Python script on Security Gateway that runs periodically and is responsible for removing old temporary files that were not cleaned by the regular e-mail flow. However, in case the list of temporary files is getting too long until the next call to this script, it would fail to delete them, and the list of files would get bigger over time.

Does that not explain enough ?

 

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

View solution in original post

0 Kudos
3 Replies
Nick_Doropoulos
Advisor
‎2019-04-18 05:54 AM
Jump to solution

Hi Filip,

I'm afraid that the sk you mention is only visible to customers...

0 Kudos
G_W_Albrecht
MVP Silver
MVP Silver
‎2019-04-18 06:18 AM
Jump to solution

sk117634 is only one sk about such issues:

But what i do not understand is why you would like to know why the orignal script is failing. I am sure there is a reason, some people will even call it a bug, but for me it is most valuable to get a solution to the customers issue. An explanation may be fine, but how could it help you in this case ?

In sk117634, we read: There is a Python script on Security Gateway that runs periodically and is responsible for removing old temporary files that were not cleaned by the regular e-mail flow. However, in case the list of temporary files is getting too long until the next call to this script, it would fail to delete them, and the list of files would get bigger over time.

Does that not explain enough ?

 

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Filip_Wennerhul
Participant
‎2019-04-25 12:16 AM
In response to G_W_Albrecht
Jump to solution

Okey, you have a point. I will accept this solution and add the script according to SK.

 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events