CPUG

The Check Point User Group

A Resource For The Check Point Community.  Fast.  Useful.  Independent.

#1  2008-03-12  him007
Log file size

Hi All,
My organization is using NG FP2 (an old version); Check Point s/w is installed on the Win2k machine in 5GB of partitions.
My problem is that daily my HDD is full due to logs created in the Check Point dir. I have also unchecked some rules with the log option, but files named "2008_03_13_085723.log, 2008_03_13_085723.logptr, 2008_03_13_085723.vlogaccount_ptr" are still being created sequentially.
Daily I have to remove the previous day's logs manually.
Is there any way to limit the log?
Please help

#2  2008-03-13  melipla
Re: Log file size

Yes, AFAIK the log files have to be managed manually. If you haven't set up automatic rotation of log files I would suggest doing so. Then you can automate the zipping up of the 2008_03_13_085723* files into one file and then moving that file to a long term storage device.

Another item you have to manage semi-manually are the database revision controls. If you use them regularly then they can add up to a lot of used space.
__________________
It's all in the documentation.

#3  2008-03-14  him007
Re: Log file size

Hi, how do I automate the zipping or the database revision control? Please guide me step by step...
I am using NG FP2

Thanks

#4  2008-03-14  rokudan
Re: Log file size

I have not run a Windows platform Check Point system in years.. But here is some stuff that can maybe get you started... Not sure if this works with your version or not, so some testing would be required. Perhaps someone here can take it and tweak it for ya..

Two scripts. The first one does a logswitch of your Firewall-1 logs, etc... And the second script is something I threw together real quick to zip and delete MySQL database backups.. Something totally not related to Firewall-1, but could be adapted to do the same.. The second script will require the command line version of RAR.

Sorry I don't have time to provide more help with this.. Like I said, maybe someone else can take this and run with it..

Code:
@echo off

::	***********************************************************************
::	*	FILENAME: fwlog.bat                                           *
::	*	 PURPOSE: Switch Firewall-1 Logs and Export to ASCII Format   *
::	*	   NEEDS: Administrator Permission to run FW.EXE Commands     *
::	*	  AUTHOR: Greg Gibson                                         *
::	*	 CREATED: December 12, 2001                                   *
::	***********************************************************************

:: Make sure Command Extensions are enabled! (Requires NT or 2000)
::**************************************************************************************
	setlocal enableextensions

:: This is the Firewall-1 Binary Directory! (Needed to Access FW.EXE)
::**************************************************************************************
	set fwdir=%systemroot%\fw1\4.1\bin\

:: This is the Firewall-1 Log Directory! (Needed to Access Log Files for Logswitch)
::**************************************************************************************
	set logsrc=%systemroot%\fw1\4.1\log\

:: This is where the Log Files will be Switched to and Later Exported to ASCII Output!
::**************************************************************************************
	set logtarget=d:\Firewall-1 Logs\

:: This variable will be used to create the folders and filenames in Date Format!
:: (Assumes 'date /t' prints e.g. "Thu 03/13/2008"; the output is locale-dependent.)
::**************************************************************************************
	for /f "tokens=1-4 delims=/ " %%I in ('date /t') do set today=%%J-%%K-%%L
	set outfile=%today%

:: Create a Folder with the Date as its name in the Log Target Directory!
::**************************************************************************************
	md "%logtarget%%outfile%"

:: Switch the Current Log Files to an Archived version!
::**************************************************************************************
	%fwdir%fw.exe logswitch "%outfile%"

:: Export the Archived Logs to ASCII Format! (Delimiter is TAB must be in Quotes)
::**************************************************************************************
	%fwdir%fw logexport -d "	" -i "%outfile%.log" -o "%outfile%.lognew" -n
	%fwdir%fw logexport -d "	" -i "%outfile%.alog" -o "%outfile%.alognew" -n

:: Delete the Archived Log Files in the Source Directory!
::**************************************************************************************
	del "%logsrc%%outfile%.alog"
	del "%logsrc%%outfile%.alogptr"
	del "%logsrc%%outfile%.log"
	del "%logsrc%%outfile%.logptr"

:: Copy the Exported ASCII Log Files to the folder created above!
::**************************************************************************************
	copy "%logsrc%%outfile%.*" "%logtarget%%outfile%"

:: Delete the Exported Log Files that remained in the Source Directory!
::**************************************************************************************
	del "%logsrc%%outfile%.alognew"
	del "%logsrc%%outfile%.lognew"

:: Rename the Log Files on the D: Drive to *.log!
::**************************************************************************************
	ren "%logtarget%%outfile%\%outfile%.alognew" "%outfile%.alog"
	ren "%logtarget%%outfile%\%outfile%.lognew" "%outfile%.log"

:: End Job!


Code:
:: Archive every *.sql file in the current directory with RAR (-m5 = best compression).
:: Each original is deleted only if RAR exits successfully.
FOR %%a IN (*.sql) DO (
	RAR a -m5 "%%a.rar" "%%a" && DEL "%%a"
)
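
One way to automate the zip-and-move step suggested in this thread, as an added example that is not part of any poster's reply: it groups rotated files by the timestamp stem seen in the first post, CRC-checks each archive before deleting the originals, and leaves the active fw.log and the newest rotated set in place. It is written in Python rather than batch; the function names, the keep_newest parameter and the sample stem 2008_03_12_085510 are assumptions made for illustration.

```python
import re
import tempfile
import zipfile
from pathlib import Path

# Rotated files share a timestamp stem; the active fw.log never matches.
ROTATED = re.compile(r"^(\d{4}_\d{2}_\d{2}_\d{6})\.")

def archive_rotated_logs(log_dir, archive_dir, keep_newest=1):
    """Zip each rotated log set, verify the archive, then delete the originals."""
    log_dir, archive_dir = Path(log_dir), Path(archive_dir)
    archive_dir.mkdir(parents=True, exist_ok=True)
    groups = {}
    for path in log_dir.iterdir():
        match = ROTATED.match(path.name)
        if match and path.is_file():
            groups.setdefault(match.group(1), []).append(path.name)
    # Timestamp stems sort chronologically; the newest keep_newest sets stay in place.
    stems = sorted(groups)[:max(0, len(groups) - keep_newest)]
    created = []
    for stem in stems:
        target = archive_dir / (stem + ".zip")
        if target.exists():
            continue  # never overwrite an archive; leave the originals for review
        names = sorted(groups[stem])
        with zipfile.ZipFile(target, "w", zipfile.ZIP_DEFLATED) as zf:
            for name in names:
                zf.write(log_dir / name, arcname=name)
        # Re-open and CRC-check before deleting: these logs are audit evidence.
        with zipfile.ZipFile(target) as zf:
            intact = zf.testzip() is None and sorted(zf.namelist()) == names
        if not intact:
            target.unlink()
            raise RuntimeError("archive verification failed for " + stem)
        for name in names:
            (log_dir / name).unlink()
        created.append(target)
    return created

def demo():
    """Run on constructed sample files; returns (archives made, files left behind)."""
    with tempfile.TemporaryDirectory() as tmp:
        logs = Path(tmp, "log")
        logs.mkdir()
        for stem in ("fw", "2008_03_12_085510", "2008_03_13_085723"):  # constructed
            for ext in (".log", ".logptr"):
                (logs / (stem + ext)).write_bytes(b"constructed sample data")
        made = archive_rotated_logs(logs, Path(tmp, "archive"))
        return [p.name for p in made], sorted(p.name for p in logs.iterdir())
```

Point archive_dir at the long-term storage volume and run it after each log switch; an archive that already exists is skipped so an earlier copy is never overwritten.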

#5  2008-03-15  him007
Re: Log file size

Where do I get the script?

#6  2008-03-18  him007
Re: Log file size

Sir, please help me: where do I get the script, and how do I edit it?

#7  2008-03-18  rokudan
Re: Log file size

The script is all above in the included post, as well as the quoted post by you... You can edit it in Notepad or any text editor, but like I said it will probably require some changes to make it work in your environment...

#8  2008-03-27  him007
Re: Log file size

Still not able to rectify the problem, please help...

#9  2008-03-27  Danielpb
Re: Log file size

You could slap another drive in which has a larger disk space of 5gb..then edit the registry to save the logs to the other drive. (Check Point knowledge base can help with this)

Then I would look to move the lot off to a bigger better system.

Short fix until you get a new system setup.

How to: (As I know you will ask)
Checkpoint Solution


To redirect log files to another drive or path:

Windows NT/2000

1. Add to registry a new string value of FWLOGDIR under one of the following registry locations:

FireWall-1 4.1:

HKEY_LOCAL_MACHINE\SOFTWARE\CheckPoint\FW1\4.1


FireWall-1 NG and NGX:

HKEY_LOCAL_MACHINE\SOFTWARE\CheckPoint\FW1\5.0


2. Create a new directory (for example C:\MyLogs) and define a String value named FWLOGDIR containing the log path (C:\MyLogs) under HKEY_LOCAL_MACHINE\SOFTWARE\CheckPoint\FW1\5.0

Note: The target path directory must exist prior to modifying the registry. In NGX, you should enter "6.0" in the path mentioned, instead of "5.0".


3. Reboot server.

Last edited by Danielpb; 2008-03-27 at 08:37.

#10  2008-03-28  him007
Re: Log file size


Hi, thanks, but one thing: in point number 3 you ask to reboot the server, but how could we go for that, as it is a production server?

Again, I am using Check Point with Alteon boxes.

#11  2008-03-28  melipla
Re: Log file size

Quote:
Originally Posted by him007
Hi thanks but one thing in the point number 3 you ask the reboot the server, but how could we go for that as it is production server.

If your production server allows for no downtime then you should be in a cluster environment as there you can perform these tasks with little to no interruption.