slay39
Explorer

Checkpoint Management Log Size Problem

Hi Checkmates,

When I checked the disk situation I saw the log directory was full, so I removed old logs from the $FWDIR/log/ directory. The disk situation is okay now. When I checked the /var/log/opt directory, I saw 854G of space allocated. Is that normal? If not, what should I do?

 

[Expert@hostname:0]# pwd
/var/log/opt
[Expert@hostname:0]# ls
CPSmartLog-R77 CPSmartLog-R80 CPrt-R77 CPrt-R80 CPshrd-R77 CPshrd-R80 CPsuite-R77 CPsuite-R80
[Expert@hostname:0]# du -h --max-depth=1
233M ./CPshrd-R77
173G ./CPsuite-R80
158M ./CPshrd-R80
143G ./CPrt-R77
391G ./CPsuite-R77
60G ./CPrt-R80
88G ./CPSmartLog-R77
200M ./CPSmartLog-R80
854G .
[Expert@hostname:0]#

0 Kudos
G_W_Albrecht
Legend

This is a known issue: If the SMS is upgraded In-Place, log files from old $FWDIR/log are copied to the new $FWDIR/log (e.g. /var/opt/CPsuite-R80.30/log). But to have a fallback for times the update fails, old logs are not deleted from e.g. /var/opt/CPsuite-R77.30/log.

You can easily confirm in WinSCP that the old log directories only contain old log files also available in the new log folder and remove these. Also see here how to do that: sk114114: Diskspacemanagement tools do not delete logs from previous Security Management versions

CCSE CCTE CCSM SMB Specialist
0 Kudos
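
The comparison described in the reply above can also be done from the Expert shell instead of WinSCP. The script below is an added example, not part of the thread or of sk114114: it lists every file in an old log directory that has no byte-identical copy in the new one (a stricter check than matching names). The function names and sample file names are made up for illustration; the paths in the usage comment are the examples given in the reply.

```shell
#!/bin/bash
# Added example (not Check Point tooling): before removing an old-version log
# directory, list every file in it that has no byte-identical copy under the
# current version's log directory.

# unmatched_old_logs OLD_DIR NEW_DIR
# Prints the relative path of each old file that is missing or different in NEW_DIR.
unmatched_old_logs() {
    local old_dir="$1" new_dir="$2" rel
    if [ ! -d "$old_dir" ] || [ ! -d "$new_dir" ]; then
        echo "usage: unmatched_old_logs OLD_DIR NEW_DIR" >&2
        return 2
    fi
    ( cd "$old_dir" && find . -type f ) | sort | while IFS= read -r rel; do
        rel=${rel#./}
        # cmp -s prints nothing; non-zero exit means "differs" or "no such copy".
        cmp -s "$old_dir/$rel" "$new_dir/$rel" || printf '%s\n' "$rel"
    done
}

# old_logs_fully_copied OLD_DIR NEW_DIR
# Succeeds only when every old file has an identical copy in NEW_DIR.
old_logs_fully_copied() {
    local unmatched
    unmatched=$(unmatched_old_logs "$1" "$2") || return 2
    [ -z "$unmatched" ]
}

# Constructed sample tree standing in for the old and new $FWDIR/log
# directories (file names and contents are made up for the demonstration).
make_sample_tree() {
    local root="$1"
    mkdir -p "$root/old/log" "$root/new/log"
    printf 'day1\n' > "$root/old/log/2019-01-01_000000.log"
    printf 'day2\n' > "$root/old/log/2019-01-02_000000.log"
    printf 'day3\n' > "$root/old/log/2019-01-03_000000.log"
    cp "$root/old/log/2019-01-01_000000.log" "$root/new/log/"
    printf 'truncated\n' > "$root/new/log/2019-01-02_000000.log"   # copy differs
    # 2019-01-03 was never copied to the new directory
}

# Usage with real directories passed as arguments, e.g.
#   ./check_old_logs.sh /var/opt/CPsuite-R77.30/log /var/opt/CPsuite-R80.30/log
if [ "$#" -eq 2 ]; then
    unmatched_old_logs "$1" "$2"
fi
```

An empty listing means every old file has an identical copy in the new directory; any path printed should be reviewed or copied before the old directory is removed.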
G_W_Albrecht
Legend

Why is this posted in SMB Appliances and SMP?

CCSE CCTE CCSM SMB Specialist
0 Kudos
slay39
Explorer
I am so sorry for posting this question to the wrong category.

I deleted old log files in the CPsuite-R77 directory according to sk114114. There are 88G of index files in /var/log/opt/CPSmartLog-R77/data and 143G of event files in /var/log/opt/CPrt-R77. Should I do sth for them?
0 Kudos
Dror_Aharony
Employee Alumnus

Yes. 

Assuming you're now in R80.x & no longer need the old R77.x SML or SME log/events DBs, then yea.

Follow sk157713:

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

Solution

To resolve the problem, delete the R77.x SmartLog/SmartEvent databases. To do so:

On SmartLog, run:

[Expert@Hostname]# rm -rf /var/log/opt/CPSmartLog-R7*/data/

On SmartEvent, run:

[Expert@Hostname]# rm -rf /var/log/opt/CPrt-R7*/events_db/

 

FYI, also remember that your log storage threshold for deletion for the current version is probably 5GB or less, or whatever you've configured in the Mgmt/LS/SME server's object > Logs Storage > Delete when X...

 

0 Kudos
CheckPointerXL
Advisor

Hello Dror,

I've been on R81.10 for 4 months.

 

Is it safe to remove this whole folder?

 

sad.JPG

 

thank you

 

 

0 Kudos
