Tuesday 16 February 2016

How to enable Check Point SmartLog in R76 and above

1. Open SmartDashboard and double-click the Management Server object.
2. In General Properties, make sure Logging & Status is checked.

3. Go to Log and check the Enable SmartLog option.


4. Go to Storage and set the number of days for which the index is kept.

5. Click OK and install the policy on all Security Gateways that are supposed to send logs to this log server.

Configuring the Start date/time for logs indexing

1.  Log in to the management server CLI and enter expert mode.
2.  Back up the current SmartLog settings file:
[Expert@HostName]# cp $SMARTLOGDIR/smartlog_settings.txt $SMARTLOGDIR/smartlog_settings.txt_ORIGINAL

3.  Edit the settings file:
[Expert@HostName]# vi $SMARTLOGDIR/smartlog_settings.txt

4.  Delete these two lines (SmartLog writes fresh values when it restarts):
time_restriction_for_fetch_all (<existing_data>)
time_restriction_for_fetch_all_disp (<existing_data>)


5.  Save the file and exit vi.
6.  Back up and edit $SMARTLOGDIR/conf/smartlog_settings.conf, and change the number of days of logs to re-index:
[Expert@HostName]# cp $SMARTLOGDIR/conf/smartlog_settings.conf $SMARTLOGDIR/conf/smartlog_settings.conf_ORIGINAL
[Expert@HostName]# vi $SMARTLOGDIR/conf/smartlog_settings.conf


:num_days_restriction_for_fetch_all_integrated (<days>)

<days> is the number of most recent days of logs that the SmartLog server indexes. For example, to re-index the last 365 days of logs, set the value to 365.

Note: To reduce the performance impact of re-indexing, Check Point recommends indexing only the number of days of logs that you actually need.

7.  Back up and remove $SMARTLOGDIR/data/FetchedFiles (the record of log files that have already been fetched; removing it makes SmartLog fetch and index them again):
[Expert@HostName]# cp $SMARTLOGDIR/data/FetchedFiles $SMARTLOGDIR/data/FetchedFiles_ORIGINAL
[Expert@HostName]# rm -i $SMARTLOGDIR/data/FetchedFiles


8.  Restart SmartLog services:
[Expert@HostName]# smartlogstop
[Expert@HostName]# smartlogstart


9.  Verify that smartlog_settings.txt now shows the earliest date that will be re-indexed:
[Expert@HostName]# grep restriction $SMARTLOGDIR/smartlog_settings.txt

10. Log in to SmartLog and check the logs there.

(Note: When you first open SmartLog you may not see all of the past days' logs yet, because indexing is still running. Indexing takes time, depending on the number of days and the volume of logs in each log file that needs to be indexed.)

11. To check which files have already been indexed while indexing is running, use this command:
[Expert@HostName]# cat /var/log/opt/CPSmartLog-RXX/data/FetchedFiles

(Note: in CPSmartLog-RXX, RXX is the Check Point version, e.g. R77.)

12. That's it.
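The re-index procedure above, steps 2 to 9, as one non-interactive script. This is an added example, not code from the original post or from Check Point: it uses the file paths, setting names and smartlogstop/smartlogstart commands shown above, assumes $SMARTLOGDIR is set in expert mode as the post's commands do, and assumes the only line that needs changing in smartlog_settings.conf is the ":num_days_restriction_for_fetch_all_integrated (N)" line. The file edits are kept in separate functions from the service restart so they can be reviewed (and the backups checked) before SmartLog is cycled.

```shell
#!/bin/sh
# Added example (not from the original post or Check Point): SmartLog
# re-index steps 2-9, done with sed instead of vi so the change is
# repeatable and reviewable. Assumes $SMARTLOGDIR is set (expert mode).
set -eu

# Copy FILE to FILE_ORIGINAL once. An existing backup is never overwritten,
# so the pristine copy survives repeated runs of this script.
backup_once() {
    [ -e "$1_ORIGINAL" ] || cp -p "$1" "$1_ORIGINAL"
}

# Step 4: drop the time_restriction_for_fetch_all and
# time_restriction_for_fetch_all_disp lines from smartlog_settings.txt.
# Written through a temp file because sed -i is not portable.
strip_time_restriction() {
    f="$1"
    sed '/^time_restriction_for_fetch_all\(_disp\)*[[:space:](]/d' "$f" > "$f.tmp"
    mv "$f.tmp" "$f"
}

# Step 6: set how many days of logs to re-index. Only the numeric argument
# of :num_days_restriction_for_fetch_all_integrated is rewritten. Anything
# but a positive integer is refused so a typo cannot leave a broken setting.
set_reindex_days() {
    f="$1"; days="$2"
    case "$days" in
        ''|*[!0-9]*|0*) echo "days must be a positive integer, got '$days'" >&2; return 1 ;;
    esac
    grep -q '^:num_days_restriction_for_fetch_all_integrated (' "$f" || {
        echo "setting not found in $f" >&2; return 1; }
    sed "s/^\(:num_days_restriction_for_fetch_all_integrated (\)[0-9]*)/\1$days)/" "$f" > "$f.tmp"
    mv "$f.tmp" "$f"
}

# Step 7: back up and remove the FetchedFiles record so every log file is
# fetched and indexed again on the next start.
reset_fetched_files() {
    f="$1"
    if [ -e "$f" ]; then
        backup_once "$f"
        rm -f "$f"
    fi
}

# Steps 2-7 against one SmartLog directory (normally $SMARTLOGDIR).
reindex_smartlog_files() {
    dir="$1"; days="$2"
    backup_once "$dir/smartlog_settings.txt"
    backup_once "$dir/conf/smartlog_settings.conf"
    strip_time_restriction "$dir/smartlog_settings.txt"
    set_reindex_days "$dir/conf/smartlog_settings.conf" "$days"
    reset_fetched_files "$dir/data/FetchedFiles"
}

# Pre-restart check: restriction lines gone, day count set, FetchedFiles
# removed. Returns 0 when the files are in the expected state, 1 otherwise.
# After smartlogstart, step 9 (grep restriction ...) shows the new start date.
verify_reindex_settings() {
    dir="$1"; days="$2"
    if grep -q '^time_restriction_for_fetch_all' "$dir/smartlog_settings.txt"; then
        return 1
    fi
    grep -q "^:num_days_restriction_for_fetch_all_integrated ($days)" \
        "$dir/conf/smartlog_settings.conf" || return 1
    [ ! -e "$dir/data/FetchedFiles" ]
}

# Usage on the management server, in expert mode:
#   sh reindex_smartlog.sh --apply 365
# Nothing runs without --apply, so sourcing the file only defines the functions.
if [ "${1:-}" = "--apply" ]; then
    days="${2:?usage: $0 --apply <days>}"
    dir="${SMARTLOGDIR:?SMARTLOGDIR is not set; run this in expert mode}"
    reindex_smartlog_files "$dir" "$days"
    verify_reindex_settings "$dir" "$days"
    smartlogstop     # step 8: restart SmartLog so indexing starts over
    smartlogstart
    grep restriction "$dir/smartlog_settings.txt"   # step 9
fi
```

Once the script has run, the original files are kept as *_ORIGINAL next to the edited ones, so backing out is a matter of copying them back and restarting SmartLog again.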