How to decrease a usage of /dev/mapper/vg_splat_lv...

Egor_Cherkasov · ‎2019-03-11

Hello Checkmates,

there is the promlem and I cannot still understand what is the folder /dev/mapper/vg_splat_lv-log , which is mounted in /var/log/ resposible for?

There is a screenshot , where you can see that the /var/log/ folder is quickly filling.

During the last 7 days the usage has increased from 53% to 63%.

I guess that is a very rapid and anomaly behaviour.

Advise please how to solve this problem with quick filling.

Can I do something and solve this problem?

Thank you very much!

HeikoAnkenbrand · ‎2019-03-11

Enlarge the partition. More see here:

Managing partition sizes via LVM manager on Gaia OS

HeikoAnkenbrand · ‎2019-03-11

Or this very nice doku to add an disk:

https://community.checkpoint.com/message/32132-how-to-add-a-new-disk-and-expand-the-log-file-system

Egor_Cherkasov · ‎2019-03-11

Thank you for a quick answer, but does that mean that all the files in that folder are necessary and we cannot remove some of them?

HeikoAnkenbrand · ‎2019-03-11

Delete old log files from management server.

$FWDIR/log is a S-Link to this directory in /var/log/.

for R80.10: /var/log/opt/CPsuite-R80.10/fw1/log/

for R80.20: /var/log/opt/CPsuite-R80.20/fw1/log/

Here you can delete old logs from SmartLog after the date.

HeikoAnkenbrand · ‎2019-03-11

For example for the 2019-01-20

# cd /var/log/opt/CPsuite-R80.10/fw1/log

# rm 2019-01-20*

You can also use "cd $FWDIR/log/"

HeikoAnkenbrand · ‎2019-03-11

Or all logs for January 2019

# cd /var/log/opt/CPsuite-R80.10/fw1/log/

# rm 2019-01*

Egor_Cherkasov · ‎2019-03-11

Yes, I've understood your very useful information, once again thank you!

Vincent_Bacher · ‎2019-03-11

or

find $FWDIR/log -type f -name '201*' -mtime +30 -exec rm {} \;

for such files older than 30 days

and now to something completely different

HeikoAnkenbrand · ‎2019-03-11

https://community.checkpoint.com/people/8221a355-5448-47cb-9c8a-d5f330a5909c - Nice one liner!

Comes into my CLI one liner collection!

Wolfgang · ‎2019-03-11

This directory holds all logs. Logs from your gateways and all logs of your managementserver. Regarding the amount of your logged traffic this is normal behaviour. Extending the partion Heiko mentioned is the best solution.

Wolfgang

Vincent_Bacher · ‎2019-03-11

If the log is not filled up by normal logs, maybe a debug is running and forgotten to turn off?
So maybe some *.elg files permanently growing?
then
fw ctl debug 0
could help
Or if the files are vpnd.elg and ike.elg
vpn debug truncoff
could help

If it's just old log data, you ma delete the oldest if not needed.

and now to something completely different

Egor_Cherkasov · ‎2019-03-11

Do you mean to use RemoveOldVersion.tar script by Check Point?

Vincent_Bacher · ‎2019-03-11

No, old logfiles. SMS is usually rotating logs renaming the old files using timestamp ath the beginning.

and now to something completely different

Vincent_Bacher · ‎2019-03-11

Just have a look at Heikos descriptions above

and now to something completely different

Egor_Cherkasov · ‎2019-03-11

Thank you gentlemen!

I am going to try this approach.

_Val_ · ‎2019-03-11

Just make sure you do not delete logs you have to keep 🙂

I would rather suggest archiving those, sending to an external location via ftp or sftp and then remove

How to decrease a usage of /dev/mapper/vg_splat_lv-log