getting rid of old logs

[khunkao]

I have Checkpoint NG FW1 running in Windows 2000. Unfortunately the partition it has been sitting on is just small and I am now finding log files that date back 5 years ago! I need to delete these logs, their associated ptr and audit files. Do I simply run cpstop, delete them and then cpstart?

[Joncon]

Before deleting them make sure there are no regulatory obligations on your organisation regarding the retention of logs. I'm thinking SoX, BAsel, FSA etc. If in doubt speak to your compliance department.

[khunkao]

nope there are no regulations. So should I just cpstop, delete the files or at least move them off the directory, then cpstart?

[northlandboy]

If the logs have been rotated regularly - i.e. we're not talking about deleting fw.log - then you can just delete them. No need to do a cpstop.

Do yourself a favour and script this.

If you do need to keep them longer, one tip is to gzip them - they go down to around 10% of their size.

Do yourself another favour and get that box upgraded too...