This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
chico
Contributor
‎2019-06-27 07:42 AM

Logs indexation 30 days R80.20 Take 87

Jump to solution

Hello everybody,

I would like to generate some security reports but I can generate reports with only 30 days retentions. I changed the option to do not delete the index files older than 30 days.

I follow the process as mentionned in the SK sk111766  and configured the ./log_indexer -days_to_index <NUM_OF_DAYS_TO_INDEX> to 90 days but nothing as changed when I generate a report.

Logs_storage_SMS.png

 

logIndexer.png

If someone had the same issue and have find a solution ?

Regards,

 

Campos Miguel

 

 

Preview file
15 KB
Reply
1 Solution

Accepted Solutions
chico
Contributor
‎2019-07-04 04:36 AM
In response to Dror_Aharony

Jump to solution

Hello Dror Aharony,

Thank you for your reply, I'm just restarted the indexer service but nothing changed. I find an another SK for run SmartEvent Offline Jobs for multiple logs "sk98894" but I don't understand the difference with the SK sk111766.

I send you the result from the doctor-log.sh

Thank you a lot for your feedback

 

Miguel

View solution in original post

0 Kudos
Reply
7 Replies
PhoneBoy
Admin
Admin
‎2019-06-27 03:30 PM

Jump to solution
Have you verified that you have 90+ days of logs to index?
If so, then you may want to involve the TAC.
0 Kudos
Reply
chico
Contributor
‎2019-06-27 11:01 PM
In response to PhoneBoy

Jump to solution

Hello,

Where can I check that ?

0 Kudos
Reply
PhoneBoy
Admin
Admin
‎2019-06-28 02:24 PM
In response to chico

Jump to solution
$FWDIR/log
A new log file is created daily at midnight and when a log file gets to 2GB in size.
The log files are named by date, so you should be able to see how far back your logs go.
0 Kudos
Reply
Sigbjorn
Advisor
‎2019-06-27 10:42 PM

Jump to solution

The index file adds more space usage on top of the log files, so make sure you have enough free space available, or the oldest log will be deleted according to your policy.

Reply
chico
Contributor
‎2019-06-27 11:04 PM
In response to Sigbjorn

Jump to solution

Hello,

Yep, I already check this point, I have enough espace disk.

 

Regards,

Reply
Dror_Aharony
Employee
Employee
‎2019-07-03 01:30 AM
In response to chico

Jump to solution

Hi chico,

to Index older log-files up-to 90 days, you look to have configured it properly, assuming you restarted the Indexer (stopIndexer; startIndexer or evstop;evstart).

You definitely have enough space to avoid the 'emergency' min maintenance, more than 15% of Logs=/var/log/ partition (if I see it properly on your pic)?

 

if still doesn't work, Email me with output of:

$RTDIR/scripts/doctor-log.sh

 

 

Dror Aharony (drora@checkpoint.com)

0 Kudos
Reply
chico
Contributor
‎2019-07-04 04:36 AM
In response to Dror_Aharony

Jump to solution

Hello Dror Aharony,

Thank you for your reply, I'm just restarted the indexer service but nothing changed. I find an another SK for run SmartEvent Offline Jobs for multiple logs "sk98894" but I don't understand the difference with the SK sk111766.

I send you the result from the doctor-log.sh

Thank you a lot for your feedback

 

Miguel

View solution in original post

0 Kudos
Reply