- Products
- Learn
- Local User Groups
- Partners
- More
Check Point Jump-Start Online Training
Now Available on CheckMates for Beginners!
Why do Hackers Love IoT Devices so Much?
Join our TechTalk on Aug 17, at 5PM CET | 11AM EST
Welcome to Maestro Masters!
Talk to Masters, Engage with Masters, Be a Maestro Master!
ZTNA Buyer’s Guide
Zero Trust essentials for your most valuable assets
The SMB Cyber Master
Boost your knowledge on Quantum Spark SMB gateways!
As YOU DESERVE THE BEST SECURITY
Upgrade to our latest GA Jumbo
CheckFlix! 
All Videos In One Space
Are you a member of CheckMates?
×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
We have a problem that there are many Security Gateways connected to the management server and the logs on the management server are only stored for 3 days.
We would like the logs to be stored for at least 14 days.
We are using MDS solution, MDS server is configured with settings (screen).
We have 300 Gb of space available on the server of interest.
How can we currently optimize log storage on the management server and increase log storage time? Or can we do it only if we buy a new Check Point server?
How do we calculate the number of logs that come to the management server per day (I am interested in the Gb figure) and for each of the Security Gateways.
According to the SmartConsole (File - Open Log Files...), we see 22-23 files of 2 Gb per day. The average is 40-45 Gb per day.
How can you find out where the rest of the space goes? And how do we optimize it? Do I understand correctly that the logs are stored in /var/log/?
Yes, we are talking about HD space. But as I write above, that in (File - Open Log Files...) there is information only for 22-23 files of 2 gb per day, that is, we get 40-45 Gb per day. Where does the remaining memory go if we have 1.8TB of memory on the management server. Maybe we need to configure additional settings to keep logs longer? Or do we need to clean up the space?
It seems to me that we have some settings that are not configured correctly and we need additional configuration either on the MDS or the management server to keep the logs longer and localize unnecessary logs.
UPD:
My assumption is correct, I see that the logs on the management server are stored logs 40 GB per day.
But /var/log/ is loaded up to 1.5 GB, and we see logs for 3 days.
What do we need to configure additionally to solve the space load problem and allow the logs to be stored for a longer period of time.
You can always start by checking largest directories in order to find out whats filling them. Might be backups or snapshot exports
du -k /var/log/ -b | sort -n
