CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


CPUG Challenge 2018?? We will be holding another CPUG Challenge for 2018.
The plan is to time it around CPX again (earlier this year), but not necessarily limit it to those in attendance.
I'll provide more details as we get a bit closer, but be ready! -E

 

Results 1 to 11 of 11

Thread: Operation Memory Clean up is needed.

  1. #1
    Join Date
    2017-09-10
    Posts
    17
    Rep Power
    0

    Default Operation Memory Clean up is needed.

    Hello

    I am using dbedit to remove a bulk number of objects from the MDS.
    We have a provider-1 appliance running gaia 77.30. It has 4 different CMA's. One of the CMA has 5560 objects that are not being used anywhere. So I ran the below script.

    I SSH into MDS
    then get in to CMA (mdsenv CMA IP)
    run the below commands

    dos2unix /var/log/CRQ000004847568_1.txt
    dbedit -local -globallock -f /var/log/CRQ000004847568_1.txt &> CRQ000004847568_1_output.txt

    The file has CRQ000004847568_1 has the following lines

    delete network_objects wand-switch
    delete network_objects GSNet_Host_Plain_172.31.189.188
    delete network_objects GSNet_Host_Plain_192.168.16.10
    delete network_objects ADT_ALARM_10.165.29.129
    delete network_objects ADT_ALARM_10.101.191.228
    delete network_objects ADT_ALARM_10.101.39.228
    delete network_objects ADT_ALARM_10.104.239.228
    .
    .
    .
    .
    .
    .
    same lines for 5560 objects and the last line is savedb command.

    The output file shows me this error:
    Failed to save database: Operation Memory Cleanup is Needed
    Server is disconnected. All changes will be lost.
    Error in line: 5561

    Line 5561 is savedb command

    Right now I cannot find the removed objects from the CMA. But I do not know if the database is installed correctly or not.

    Your help would be much appreciated.

    Thanks in advance

    Ravindra

  2. #2
    Join Date
    2006-09-26
    Posts
    3,055
    Rep Power
    15

    Default Re: Operation Memory Clean up is needed.

    Quote Originally Posted by ravindra692 View Post
    Hello

    I am using dbedit to remove a bulk number of objects from the MDS.
    We have a provider-1 appliance running gaia 77.30. It has 4 different CMA's. One of the CMA has 5560 objects that are not being used anywhere. So I ran the below script.

    I SSH into MDS
    then get in to CMA (mdsenv CMA IP)
    run the below commands

    dos2unix /var/log/CRQ000004847568_1.txt
    dbedit -local -globallock -f /var/log/CRQ000004847568_1.txt &> CRQ000004847568_1_output.txt

    The file has CRQ000004847568_1 has the following lines

    delete network_objects wand-switch
    delete network_objects GSNet_Host_Plain_172.31.189.188
    delete network_objects GSNet_Host_Plain_192.168.16.10
    delete network_objects ADT_ALARM_10.165.29.129
    delete network_objects ADT_ALARM_10.101.191.228
    delete network_objects ADT_ALARM_10.101.39.228
    delete network_objects ADT_ALARM_10.104.239.228
    .
    .
    .
    .
    .
    .
    same lines for 5560 objects and the last line is savedb command.

    The output file shows me this error:
    Failed to save database: Operation Memory Cleanup is Needed
    Server is disconnected. All changes will be lost.
    Error in line: 5561

    Line 5561 is savedb command

    Right now I cannot find the removed objects from the CMA. But I do not know if the database is installed correctly or not.

    Your help would be much appreciated.

    Thanks in advance

    Ravindra
    Did you perform an "mds_backup" prior to doing this?

  3. #3
    Join Date
    2017-09-10
    Posts
    17
    Rep Power
    0

    Default Re: Operation Memory Clean up is needed.

    No. I did not do mds backup before this. I did a Database Revision before running this script.

  4. #4
    Join Date
    2011-08-02
    Location
    http://spikefishsolutions.com
    Posts
    1,480
    Rep Power
    8

    Default Re: Operation Memory Clean up is needed.

    Is this part of the demo CMA you turned up in the other thread? I guess if you're worried you could restore the database revision. I would do a savedb more then just once at the end. Like maybe every 50 deletes or something.

    Or maybe restore the database revision and do a script where you just call savedb and see if it throws an error or not before running through the 5k delete operations.

  5. #5
    Join Date
    2017-09-10
    Posts
    17
    Rep Power
    0

    Default Re: Operation Memory Clean up is needed.

    This is not the Demo CMA. This issue is in our production firewall. When I tried the Database revision dashboard gave a prompt saying that the Database revision is not recommended for VSX, it might cause inconsistencies in the MDS.

  6. #6
    Join Date
    2006-09-26
    Posts
    3,055
    Rep Power
    15

    Default Re: Operation Memory Clean up is needed.

    Quote Originally Posted by ravindra692 View Post
    No. I did not do mds backup before this. I did a Database Revision before running this script.

    Oh mine. You should have prior to an dbedit. doing dbedit is pretty dangerous without mds_backup. It happened to me many times in the past and mds_backup really saved my ass :-)

  7. #7
    Join Date
    2011-08-02
    Location
    http://spikefishsolutions.com
    Posts
    1,480
    Rep Power
    8

    Default Re: Operation Memory Clean up is needed.

    Quote Originally Posted by ravindra692 View Post
    This is not the Demo CMA. This issue is in our production firewall. When I tried the Database revision dashboard gave a prompt saying that the Database revision is not recommended for VSX, it might cause inconsistencies in the MDS.
    ack.. yeah VSX doesn't support db revisions. You would like checkpoint would alarm or warn when creating and not restoring.

    I would not mess with anything further and contact support. Grab that file i said and see if there are any files in /var/log/dump/usermode/ plus generate a cpinfo.

  8. #8
    Join Date
    2017-09-10
    Posts
    17
    Rep Power
    0

    Default Re: Operation Memory Clean up is needed.

    I reached out to checkpoint support. They have no idea what that error means. They suggested to perform a mds reboot and if we have a database corruption then we will see it there. Fortunately there was no database corruption. It is working fine now.

    My suggestion, when you guys are performing a objects removal in bulk using dbedit scripts do not do more than 100 objects in a single go.

    Thanks
    Ravindra

  9. #9
    Join Date
    2011-08-02
    Location
    http://spikefishsolutions.com
    Posts
    1,480
    Rep Power
    8

    Default Re: Operation Memory Clean up is needed.

    Im confused as to what savedb even does. I just ran through creating some objects using dbedit and didn't issue a savedb and everything showed up where i expected. I've also looked at other examples where people create rules and don't see savedb issued there either.

    that being said, support saying they have no idea what that means is kind of BS. If they don't know they should be interfacing with dev to get input. Someone has access to source code and should be able to look up where that error is thrown to at least give some input on what it means and how worried you should be. I would call back and escalate to a manager.

  10. #10
    Join Date
    2007-03-30
    Location
    DFW, TX
    Posts
    103
    Rep Power
    11

    Default Re: Operation Memory Clean up is needed.

    Quote Originally Posted by jflemingeds View Post
    Im confused as to what savedb even does. I just ran through creating some objects using dbedit and didn't issue a savedb and everything showed up where i expected. I've also looked at other examples where people create rules and don't see savedb issued there either.
    My understanding is savedb is like sync(2). Not technically necessary, but probably a good idea before doing complex operations so as to limit potential data loss should something go wrong.
    Zimmie

  11. #11
    Join Date
    2017-09-10
    Posts
    17
    Rep Power
    0

    Default Re: Operation Memory Clean up is needed.

    Quote Originally Posted by jflemingeds View Post
    Im confused as to what savedb even does. I just ran through creating some objects using dbedit and didn't issue a savedb and everything showed up where i expected. I've also looked at other examples where people create rules and don't see savedb issued there either.

    that being said, support saying they have no idea what that means is kind of BS. If they don't know they should be interfacing with dev to get input. Someone has access to source code and should be able to look up where that error is thrown to at least give some input on what it means and how worried you should be. I would call back and escalate to a manager.
    When using the –globallock flag, savedb should be added at the end of the script (like save button in SmartDashboard). When flag is not in use, no need to add the savedb command, as changes are updated immediately.

    Also the script that I used to remove objects is made by me. Checkpoint doesn't support user made scripts may be that is why they do not have information on this error.
    Last edited by ravindra692; 1 Week Ago at 09:51.

Similar Threads

  1. not enough storage to complete operation
    By bingdude in forum SmartDashboard
    Replies: 1
    Last Post: 2016-03-31, 16:04
  2. Firewall rule clean-up tools assistance needed
    By cciesec2006 in forum Miscellaneous
    Replies: 11
    Last Post: 2009-08-21, 16:16
  3. operation incompleted due to timeout
    By dongliying2 in forum SmartDashboard
    Replies: 10
    Last Post: 2009-02-04, 08:59
  4. SecuRemote Operation Timed Out
    By cwemely in forum SecureClient/SecuRemote
    Replies: 5
    Last Post: 2006-08-23, 20:14
  5. Operation would block
    By Barry J. Stiefel in forum Miscellaneous
    Replies: 0
    Last Post: 2005-08-14, 14:35

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •