We've been struggling with log search performance since upgrading to R80.10 (yes - we have upgraded VM HW, quadrupled it to 16 cores and 128GB RAM but still slow). Case is still open with CP and if anyone has good ideas let us know!
On the side I wrote this one-liner that gives you a quick look at the indexer backlog - it will show which files are being crunched apart from fw.log and fw.adtlog. This is the MDS version, so just take the outside loop away and it should work on a SmartCentre server.
ls -1 $MDSDIR/customers | while read CLM; do mdsenv $CLM; echo; echo $CLM; cat $INDEXERDIR/data/FetchedFiles | while read line; do if [ `echo $line | awk '{print $7}'` -eq 0 ] && [ `echo $line | grep -c " fw."` -eq 0 ] && [ `echo $line | grep -c "serialization"` -eq 0 ]; then echo $line; fi done; done
Output will look like this; you can see that two files under CLM-x are being crunched apart from fw.log and fwadt.log.
Good reading reference in sk112336 and sk97885
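The filter from the one-liner above, rewritten as an added example (not the poster's code) that does the same tests in a single awk pass and skips malformed lines instead of breaking the `-eq` test. The sample lines are constructed and their layout is an assumption; only the rules taken from the one-liner (field 7 equal to 0, no " fw.", no "serialization") come from the post, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Prints FetchedFiles entries that the original one-liner
# would print: field 7 is 0, and the line is neither an active fw.* file
# nor a "serialization" entry. Reads the files given as arguments, or stdin.
indexer_backlog() {
    awk 'NF >= 7 && $7 ~ /^[0-9]+$/ && $7 + 0 == 0 &&
         index($0, " fw.") == 0 &&
         index($0, "serialization") == 0' "$@"
}

# MDS wrapper mirroring the outer loop of the one-liner (mdsenv, $MDSDIR and
# $INDEXERDIR are the names used in the post).
backlog_all_domains() {
    ls -1 "$MDSDIR/customers" | while read -r CLM; do
        mdsenv "$CLM"
        printf '\n%s\n' "$CLM"
        indexer_backlog "$INDEXERDIR/data/FetchedFiles"
    done
}

# Constructed sample input. The column layout is made up for the demo;
# only "field 7" and the two excluded strings matter to the filter.
sample_fetchedfiles() {
    cat <<'EOF'
id1 x x x x x 0 2022-01-10_000000.log
id2 x x x x x 0 fw.log
id3 x x x x x 0 fw.adtlog
id4 x x x x x 1 2022-01-09_000000.log
id5 x x x x x 0 serialization_state
short line
id6 x x x x x n/a 2022-01-08_000000.log
id7 x x x x x 0 2022-01-10_000000.adtlog
EOF
}

# Count of backlog entries, handy for a quick threshold check.
backlog_count() {
    indexer_backlog "$@" | wc -l | tr -d ' '
}

# Demo on the constructed sample: prints the id1 and id7 lines.
sample_fetchedfiles | indexer_backlog
```

On a SmartCenter server, call `indexer_backlog "$INDEXERDIR/data/FetchedFiles"` directly instead of the MDS wrapper.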
Another one for the https://community.checkpoint.com/community/management/visibility-monitoring?sr=search&searchId=f1156... space
Thanks for sharing!
Is it normal that the FetchedFiles file shows log files which do not even exist on the MLM at all?
I would re-build FetchedFiles as described here
nice