Ryan_Ryan
Advisor

Forensics logs filling up the log partition

Hi, we have CloudGuard firewalls (R80.10) that are constantly filling their log partition to 100% due to the 'forensics' track option being enabled under the TP policy.

(files are in /var/log/opt/CPsuite-R80/fw1/log/forensics and all have *.cap extension)

Rather than just turn this off, is there a way to start rolling the files once disk space exceeds 90% or so? Or even better, can we have the cap files stored on the log server rather than the gateway?

1 Solution

Accepted Solutions
Timothy_Hall
Champion

Known issue in your EOL version: sk165914: IPS Forensic logs (packet capture) are not being deleted

 

Watch My 2023 CPX360 Speech Titled "Max Power Reloaded: R81+ Gateway Performance Innovations"


Ryan_Ryan
Advisor

Thanks Timothy, good to know (unfortunately R80.10 is the latest version we can run on NSX-V).

0 Kudos