CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


Tim Hall has done it again! He has just released the 2nd edition of "Max Power".
Rather than get into details here, I urge you to check out this announcement post.
It's a massive upgrade, and well worth checking out. -E

 

Results 1 to 11 of 11

Thread: Log file size

  1. #1
    Join Date
    2007-12-18
    Posts
    15
    Rep Power
    0

    Default Log file size

    Hi All,
    My organization is using NG FP2 (an old version), chkpoint s/w is installed in the win2k machine in 5GB of partitons.
    My problem is daily my HDD is full due to log created on chkpoint dir. I have also unchek the some rules with log option but still file name "2008_03_13_085723.log, 2008_03_13_085723.logptr, 2008_03_13_085723.vlogaccount_ptr" is creating squentially.
    Daily I have to remove previous days log manually.
    Is any way to limit the log?
    pls help

  2. #2
    Join Date
    2006-01-25
    Location
    Americas
    Posts
    1,535
    Rep Power
    15

    Default Re: Log file size

    Yes, AFAIK the log files have to be managed manually. If you haven't set up automatic rotation of log files I would suggest doing so. Then you can automate the zipping up of the 2008_03_13_085723* files into one file and then moving that file to a long term storage device.

    Another item you have to manage semi-manually are the database revision controls. If you use them regularly then they can add up to a lot of used space.
    Its all in the documentation.

  3. #3
    Join Date
    2007-12-18
    Posts
    15
    Rep Power
    0

    Default Re: Log file size

    Quote Originally Posted by melipla View Post
    Yes, AFAIK the log files have to be managed manually. If you haven't set up automatic rotation of log files I would suggest doing so. Then you can automate the zipping up of the 2008_03_13_085723* files into one file and then moving that file to a long term storage device.

    Another item you have to manage semi-manually are the database revision controls. If you use them regularly then they can add up to a lot of used space.
    Hi, How to do automate zipping Or database revios control? pls guide me step by step...
    I am using NG FP2

    thnaks

  4. #4
    Join Date
    2008-01-10
    Location
    Orlando, FL
    Posts
    107
    Rep Power
    12

    Default Re: Log file size

    I have not run a Windows platform Check Point system in years.. But here is some stuff that can maybe get you started... Not sure if this works with your version or not, so some testing would be required. Perhaps someone here can take it and tweak it for ya..

    Two scripts. The first one does a logswitch of your Firewall-1 logs, etc... And the second script is something I threw together real quick to zip and delete MySQL database backups.. Something totally not related to Firewall-1, but could be adapted do to the same.. The second script will require command line version of RAR.

    Sorry I dont have time to provide more help with this.. Like said, maybe someone else can take this and run with it..

    Code:
    @echo off
    
    ::	***********************************************************************
    ::	*	FILENAME: fwlog.bat                                           *
    ::	*	 PURPOSE: Switch Firewall-1 Logs and Export to ASCII Format   *
    ::	*	   NEEDS: Administrator Permission to run FW.EXE Commands     *
    ::	*	  AUTHOR: Greg Gibson                                         *
    ::	*	 CREATED: December 12, 2001                                   *
    ::	***********************************************************************
    
    :: Make sure Command Extensions are enabled! (Requires NT or 2000)
    ::**************************************************************************************
    	setlocal enableextensions
    
    :: This is the Firewall-1 Binary Directory! (Needed to Access FW.EXE)
    ::**************************************************************************************
    	set fwdir=%systemroot%\fw1\4.1\bin\
    
    :: This is the Firewall-1 Log Directory! (Needed to Access Log Files for Logswitch)
    ::**************************************************************************************
    	set logsrc=%systemroot%\fw1\4.1\log\
    
    :: This is where the Log Files will be Switched to and Later Exported to ASCII Output!
    ::**************************************************************************************
    	set logtarget=d:\Firewall-1 Logs\
    
    :: This variable will be used to create the folders and filenames in Date Format!
    ::**************************************************************************************
    	for /f "tokens= 1,2,3,4 delims=/ " %%I in ('date /t') do set today=%%J-%%K-%%L
    	set outfile=%today%
    
    :: Create a Folder with the Date as it's name on the D: Drive!
    ::**************************************************************************************
    	md "d:\Firewall-1 Logs\%outfile%"
    
    :: Switch the Current Log Files to an Archived version!
    ::**************************************************************************************
    	%fwdir%fw.exe logswitch "%outfile%"
    
    :: Export the Archived Logs to ASCII Format! (Delimiter is TAB must be in Quotes)
    ::**************************************************************************************
    	%fwdir%fw logexport -d "	" -i "%outfile%.log" -o "%outfile%.lognew" -n
    	%fwdir%fw logexport -d "	" -i "%outfile%.alog" -o "%outfile%.alognew" -n
    
    :: Delete the Archived Log Files in the Source Directory!
    ::**************************************************************************************
    	del "%logsrc%%outfile%.alog"
    	del "%logsrc%%outfile%.alogptr"
    	del "%logsrc%%outfile%.log"
    	del "%logsrc%%outfile%.logptr"
    
    :: Copy the Exported ASCII Log Files to the folder created above!
    ::**************************************************************************************
    	copy "%logsrc%%outfile%.*" "d:\Firewall-1 Logs\%outfile%"
    
    :: Delete the Exported Log Files that remained in the Source Directory!
    ::**************************************************************************************
    	del "%logsrc%%outfile%.alognew"
    	del "%logsrc%%outfile%.lognew"
    
    :: Rename the Log Files on the D: Drive to *.log!
    ::**************************************************************************************
    	ren "%logtarget%%outfile%\%outfile%.alognew" "%outfile%.alog"
    	ren "%logtarget%%outfile%\%outfile%.lognew" "%outfile%.log"
    
    :: End Job!


    Code:
    SET filename=filename.tmp
    
    DIR /b *.sql >filename.tmp
    
    FOR /f "tokens=*" %%a IN (%filename%) DO SET rarfile="%%a"
    
    RAR a %rarfile%.rar -m5 %rarfile%
    
    DEL %filename%
    DEL %rarfile%
    
    SET filname=
    SET rarfile=

  5. #5
    Join Date
    2007-12-18
    Posts
    15
    Rep Power
    0

    Default Re: Log file size

    Quote Originally Posted by rokudan View Post
    I have not run a Windows platform Check Point system in years.. But here is some stuff that can maybe get you started... Not sure if this works with your version or not, so some testing would be required. Perhaps someone here can take it and tweak it for ya..

    Two scripts. The first one does a logswitch of your Firewall-1 logs, etc... And the second script is something I threw together real quick to zip and delete MySQL database backups.. Something totally not related to Firewall-1, but could be adapted do to the same.. The second script will require command line version of RAR.

    Sorry I dont have time to provide more help with this.. Like said, maybe someone else can take this and run with it..

    Code:
    @echo off
    
    ::	***********************************************************************
    ::	*	FILENAME: fwlog.bat                                           *
    ::	*	 PURPOSE: Switch Firewall-1 Logs and Export to ASCII Format   *
    ::	*	   NEEDS: Administrator Permission to run FW.EXE Commands     *
    ::	*	  AUTHOR: Greg Gibson                                         *
    ::	*	 CREATED: December 12, 2001                                   *
    ::	***********************************************************************
    
    :: Make sure Command Extensions are enabled! (Requires NT or 2000)
    ::**************************************************************************************
    	setlocal enableextensions
    
    :: This is the Firewall-1 Binary Directory! (Needed to Access FW.EXE)
    ::**************************************************************************************
    	set fwdir=%systemroot%\fw1\4.1\bin\
    
    :: This is the Firewall-1 Log Directory! (Needed to Access Log Files for Logswitch)
    ::**************************************************************************************
    	set logsrc=%systemroot%\fw1\4.1\log\
    
    :: This is where the Log Files will be Switched to and Later Exported to ASCII Output!
    ::**************************************************************************************
    	set logtarget=d:\Firewall-1 Logs\
    
    :: This variable will be used to create the folders and filenames in Date Format!
    ::**************************************************************************************
    	for /f "tokens= 1,2,3,4 delims=/ " %%I in ('date /t') do set today=%%J-%%K-%%L
    	set outfile=%today%
    
    :: Create a Folder with the Date as it's name on the D: Drive!
    ::**************************************************************************************
    	md "d:\Firewall-1 Logs\%outfile%"
    
    :: Switch the Current Log Files to an Archived version!
    ::**************************************************************************************
    	%fwdir%fw.exe logswitch "%outfile%"
    
    :: Export the Archived Logs to ASCII Format! (Delimiter is TAB must be in Quotes)
    ::**************************************************************************************
    	%fwdir%fw logexport -d "	" -i "%outfile%.log" -o "%outfile%.lognew" -n
    	%fwdir%fw logexport -d "	" -i "%outfile%.alog" -o "%outfile%.alognew" -n
    
    :: Delete the Archived Log Files in the Source Directory!
    ::**************************************************************************************
    	del "%logsrc%%outfile%.alog"
    	del "%logsrc%%outfile%.alogptr"
    	del "%logsrc%%outfile%.log"
    	del "%logsrc%%outfile%.logptr"
    
    :: Copy the Exported ASCII Log Files to the folder created above!
    ::**************************************************************************************
    	copy "%logsrc%%outfile%.*" "d:\Firewall-1 Logs\%outfile%"
    
    :: Delete the Exported Log Files that remained in the Source Directory!
    ::**************************************************************************************
    	del "%logsrc%%outfile%.alognew"
    	del "%logsrc%%outfile%.lognew"
    
    :: Rename the Log Files on the D: Drive to *.log!
    ::**************************************************************************************
    	ren "%logtarget%%outfile%\%outfile%.alognew" "%outfile%.alog"
    	ren "%logtarget%%outfile%\%outfile%.lognew" "%outfile%.log"
    
    :: End Job!


    Code:
    SET filename=filename.tmp
    
    DIR /b *.sql >filename.tmp
    
    FOR /f "tokens=*" %%a IN (%filename%) DO SET rarfile="%%a"
    
    RAR a %rarfile%.rar -m5 %rarfile%
    
    DEL %filename%
    DEL %rarfile%
    
    SET filname=
    SET rarfile=
    Where do i get the script?

  6. #6
    Join Date
    2007-12-18
    Posts
    15
    Rep Power
    0

    Default Re: Log file size

    Sir Pls help me where do i get the script? & how to edit it?

  7. #7
    Join Date
    2008-01-10
    Location
    Orlando, FL
    Posts
    107
    Rep Power
    12

    Default Re: Log file size

    The script is all above in the included post, as well the quote post by you... You can edit it in notepad or any text editor, but like said it will probably take require some changes to make it work in your environment...

  8. #8
    Join Date
    2007-12-18
    Posts
    15
    Rep Power
    0

    Default Re: Log file size

    Quote Originally Posted by rokudan View Post
    The script is all above in the included post, as well the quote post by you... You can edit it in notepad or any text editor, but like said it will probably take require some changes to make it work in your environment...
    Still not able to rectify the problm pls help...

  9. #9
    Join Date
    2006-10-23
    Posts
    221
    Rep Power
    13

    Default Re: Log file size

    You could slap another driver in which has a larger disk space of 5gb..then edit the registry to save the logs to the other drive. (checkpoint knowledge base can help with this)

    Then I would look to move the lot off to a bigger better system.

    Short fix until you get a new system setup.

    How to: (As i know you will ask)
    Checkpoint Solution


    To redirect log files to another drive or path:

    Windows NT/2000

    1. Add to registry a new string value of FWLOGDIR under one of the following registry locations:

    FireWall-1 4.1:

    HKEY_LOCAL_MACHINE\SOFTWARE\CheckPoint\FW1\4.1


    FireWall-1 NG and NGX:

    HKEY_LOCAL_MACHINE\SOFTWARE\CheckPoint\FW1\5.0


    2. Create a new directory (for example C:\MyLogs) and define a String value named FWLOGDIR containing the log path (C:\MyLogs) under HKEY_LOCAL_MACHINE\SOFTWARE\CheckPoint\FW1\5.0

    Note: The target path directory must exist prior to modifying the registry. In NGX, you should enter "6.0" in the path mentioned, instead of "5.0".


    3. Reboot server.
    Last edited by Danielpb; 2008-03-27 at 11:37.

  10. #10
    Join Date
    2007-12-18
    Posts
    15
    Rep Power
    0

    Default Re: Log file size

    Quote Originally Posted by Danielpb View Post
    You could slap another driver in which has a larger disk space of 5gb..then edit the registry to save the logs to the other drive. (checkpoint knowledge base can help with this)

    Then I would look to move the lot off to a bigger better system.

    Short fix until you get a new system setup.

    How to: (As i know you will ask)
    Checkpoint Solution


    To redirect log files to another drive or path:

    Windows NT/2000

    1. Add to registry a new string value of FWLOGDIR under one of the following registry locations:

    FireWall-1 4.1:

    HKEY_LOCAL_MACHINE\SOFTWARE\CheckPoint\FW1\4.1


    FireWall-1 NG and NGX:

    HKEY_LOCAL_MACHINE\SOFTWARE\CheckPoint\FW1\5.0


    2. Create a new directory (for example C:\MyLogs) and define a String value named FWLOGDIR containing the log path (C:\MyLogs) under HKEY_LOCAL_MACHINE\SOFTWARE\CheckPoint\FW1\5.0

    Note: The target path directory must exist prior to modifying the registry. In NGX, you should enter "6.0" in the path mentioned, instead of "5.0".


    3. Reboot server.

    Hi thanks but one thing in the point number 3 you ask the reboot the server, but how could we go for that as it is production server.

    Again I am using Chekcpoint with alteon Boxes.

  11. #11
    Join Date
    2006-01-25
    Location
    Americas
    Posts
    1,535
    Rep Power
    15

    Default Re: Log file size

    Quote Originally Posted by him007 View Post
    Hi thanks but one thing in the point number 3 you ask the reboot the server, but how could we go for that as it is production server.
    If your production server allows for no downtime then you should be in a cluster environment as there you can perform these tasks with little to no interruption.
    Its all in the documentation.

Similar Threads

  1. Provider-1 mds_backup and 2GB file size limitation
    By cciesec2006 in forum Provider-1 (Multi-Domain Management)
    Replies: 1
    Last Post: 2009-03-02, 20:08
  2. NOKIA IP40 (File size too big)
    By samanide in forum Check Point UTM-1 Edge Appliances
    Replies: 1
    Last Post: 2007-11-28, 11:36
  3. What size will upgrade_export file be?
    By lowfell in forum Installing And Upgrading
    Replies: 4
    Last Post: 2007-05-21, 14:33
  4. ftp file size
    By Morph in forum Check Point SecurePlatform (SPLAT)
    Replies: 8
    Last Post: 2006-06-25, 03:11
  5. SPLAT chmod for meminfo, increase size of swap file.
    By Westy in forum Check Point SecurePlatform (SPLAT)
    Replies: 0
    Last Post: 2006-01-12, 11:46

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •