Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Hllrdm
Participant

The SmartConsole does not display old logs

Hello!

The SmartConsole does not display old logs, for example, for dates older than 20-30 days.
The memory on the management server is sufficient. We also don't see logs in https://<ip-address>/SmartView.
HCP did not detect any critical errors. What direction can we go to find a solution? The time zone on the management server is correct. The version is R81.

0 Kudos
13 Replies
Amir_Senn
Employee
Employee

Hi,

2 questions:

1) Did you perform upgrade recently? From R81 we started using a newer version of indexing engine and if the old logs are indexed prior to the upgrade they will need to be re-indexed.

2) In SmartConsole logs view, you can select the menu next to the query line and select "Open log file". Can you see the older log files there?

Kind regards, Amir Senn
0 Kudos
Hllrdm
Participant

1) No, no changes have been made.
2) Open Log Files has data for later dates. We think this is a cosmetic problem, but we don't know how to fix it.

0 Kudos
Amir_Senn
Employee
Employee

Run "ls $FWDIR/log/" on your log server and check if you indeed have those log files.

Kind regards, Amir Senn
0 Kudos
Hllrdm
Participant

Yes, these magazines are available. Because when we click on a file in "Open Log Files...", the logs from earlier months are opened.

0 Kudos
Amir_Senn
Employee
Employee

If you have them in the log files you can open them with and see them in non-index mode. If you want to index them you can use the following sk:

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

But I recommend not to index all at once. Depending on the amount of logs you have this could put some strain on the log server.

Kind regards, Amir Senn
0 Kudos
Hllrdm
Participant

Do I understand correctly that the indexing option can also be configured in Daly Logs Retention Configuration? Or is it recommended to work only with sk111766?
Could you describe in more detail the nature of the two settings in this window?
As I understood the first setting "Keep indexed logs for no longer than" answers the number of days for indexed logs. And the parameter "Keep log files for an extra" is responsible for the number of days that can be indexed? How would you recommend to configure these parameters, so that we can look through the logs for at least the last 2 months?

0 Kudos
Amir_Senn
Employee
Employee

In the daily retention you can set how long to keep the logs and indexes but not re-index them.

We have the logs and we have the indexes. Normal search in the logs view will work only if you have indexes but if the log files still exist you can open them (but one at a time though) and they could still be re-indexed any time.

So you can keep the indexes for X days and that is the amount of day you can search in the logs view without opening the log files one at a time. The logs are stored for extra Y days, which mean you will have long retention of X+Y.

The amount of days that I can recommend could vary over some factors. I think that using the retention by disk space is fine, just make sure that 10% is above 10 GB or something else you're comfortable with.

Kind regards, Amir Senn
0 Kudos
G_W_Albrecht
Legend
Legend

There is a setting for SmartLog Daily Logs Retention Configuration found in SMS object > Logs > Storage that is set to:

Keep indexed logs for no longer than one day

Keep log files for an extra 3 days

CCSE CCTE SMB Specialist
0 Kudos
Hllrdm
Participant

Settings.jpg

We have these settings. Should we edit them? How would you recommend editing them?

0 Kudos
Amir_Senn
Employee
Employee

That's up to you preferences on how long you want to keep the logs. If you want to keep them as long as you can you can keep the disk space management of deleting the oldest once getting below 10%, this also depends on the volume of your log partition.

Kind regards, Amir Senn
0 Kudos
Hllrdm
Participant

We have files with old logs in "Open Log Files...", but they do not show up in a simple SmartConsole search. That is, we observe a cosmetic error that we cannot search logs older than 20 days. There is disk space (more than 60% of the logs memory is free) and the logs are not deleted. Maybe there is a way to fix the cosmetic log display problem?

0 Kudos
Amir_Senn
Employee
Employee

Check what are your oldest indexes here on the log server with "ls $RTDIR/log_indexes/"

Kind regards, Amir Senn
0 Kudos
the_rock
Champion
Champion

I had similar issue with client once and TAC gave me below, which fixed the issue

Able to view and open log files from legacy SmartView Tracker, but unable to view log files from Sma...

Andy

0 Kudos