Solution ID: sk60080
Product:
Version:
OS: SecurePlatform, SecurePlatform 2.6, Gaia, Linux, IPSO 3.x, IPSO 4.x, IPSO 6.2
Platform / Model: All
Date Created: 16-Jan-2011
Last Modified: 10-Feb-2015
SYMPTOMS
CAUSE
The root cause may be one of a number of factors, and it may vary depending on the host's function
(Security Gateway, Security Management, Log Server, SmartEvent, etc.).
SOLUTION
First of all, refer to sk91060 (Removing old Check Point packages and files after an upgrade on
Security Gateway / Security Management Server).
The list below presents only some of the most common causes of excessive disk utilization. This list
should not be construed as an exhaustive list.
The items on this list are numbered only for convenience. These numbers do not designate the order
of carrying out the steps.
1.
Determine the mount point that is most severely affected by disk constraints. Use the 'df'
command to view the partition table and its associated utilization:
SecurePlatform / Gaia / Linux OS:
[Expert@HostName]# df -h
Filesystem   Size
/dev/sda6    1004M
/dev/sda1    145M
/dev/sda5    14G
/dev/sda2    2.0G
/dev/sda7    80G
[Expert@HostName]#
IPSO OS:
HostName[admin]# df -h
Filesystem              Size   Used  Avail  Capacity  Mounted on
/dev/mirror/gmroots1f   1.9G   319M   1.5G       17%  /
devfs                   1.0K   1.0K     0B      100%  /dev
/dev/mirror/gmroots1a    38M   102K    35M        0%  /config
/dev/mirror/gmroots1d    21G   567M    18G        3%  /var
/dev/mirror/gmroots1e   3.8G   649M   2.8G       18%  /opt
procfs                  4.0K   4.0K     0B      100%  /proc
HostName[admin]#
Note: The virtual /proc filesystem will always be 100% full.
2.
Once a problematic partition is identified, begin analyzing the contents of that partition. Use
the 'du' command to examine disk space utilization at directory-level. This provides a starting
point for further examination.
For example, let us examine the '/opt' partition:
SecurePlatform / Gaia / Linux OS:
62816256   /opt/CPportal-R75.20
35860480   /opt/CPV40Cmp-R75.20
30670848   /opt/CPNacPortal
30134272   /opt/CPSG80CMP-R75.20
29581312   /opt/aspam_engine
25001984   /opt/CPR7540CMP-R75.20
23605248   /opt/CPUserCheckPortal
23220224   /opt/CPEdgecmp-R75.20
20656128   /opt/CPSmartLog-R75.20
17948672   /opt/CPR7520CMP-R75.20
17629184   /opt/CPR75CMP-R75.20
16322560   /opt/CPadvr-R75.20
16084992   /opt/CPR71CMP-R75.20
14798848   /opt/CPNGXCMP-R75.20
13770752   /opt/CPCON66CMP-R75.20
[Expert@HostName]#
IPSO OS:
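Steps 1 and 2 can be combined into one pass. The script below is an added example, not part of the original Check Point article: it reads df output in the six-column layout shown in step 1, skips the virtual filesystems that report 100% by design, and lists the largest directories under a chosen mount point. The function names and the thresholds are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the Check Point article): disk-usage triage.
# Function names and thresholds are illustrative assumptions.

# full_partitions LIMIT
# Reads df output (Filesystem Size Used Avail Capacity Mounted-on) on stdin
# and prints "<percent> <mount point>" for each filesystem at or above LIMIT
# percent, fullest first.
full_partitions() {
    awk -v limit="$1" '
        NR == 1 { next }                        # header row
        $1 ~ /^(procfs|devfs|proc)$/ { next }   # virtual: 100% is expected
        NF >= 6 {
            pct = $5
            sub(/%$/, "", pct)
            if (pct + 0 >= limit + 0) print pct, $6
        }
    ' | sort -rn
}

# largest_dirs DIR [COUNT]
# Prints the COUNT largest immediate entries of DIR in KiB. -x keeps du on
# one filesystem so other partitions mounted below DIR are not counted.
largest_dirs() {
    du -skx "$1"/* 2>/dev/null | sort -rn | head -n "${2:-15}"
}

# Sample input: the IPSO df output shown in step 1.
SAMPLE_DF='Filesystem Size Used Avail Capacity Mounted on
/dev/mirror/gmroots1f 1.9G 319M 1.5G 17% /
devfs 1.0K 1.0K 0B 100% /dev
/dev/mirror/gmroots1a 38M 102K 35M 0% /config
/dev/mirror/gmroots1d 21G 567M 18G 3% /var
/dev/mirror/gmroots1e 3.8G 649M 2.8G 18% /opt
procfs 4.0K 4.0K 0B 100% /proc'

# Demo on the sample with a 15% limit; prints "18 /opt" then "17 /".
# On a live host: df -P | full_partitions 80, then largest_dirs /opt
printf '%s\n' "$SAMPLE_DF" | full_partitions 15
```

On a live host, feed it `df -P` rather than `df -h`: `-P` keeps each filesystem on one line even when the device name is long.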
These are some common factors in excessive disk utilization and their associated remediation.
1.
# ls -1 $FWDIR/conf/db_versions/repository/ | wc -l
HostName[admin]# du -h -d 0 $FWDIR/conf/db_versions
2.
While it is possible to manually delete legacy database revisions from the CLI, Check Point
recommends that legacy database revisions be removed through SmartDashboard ('File'
menu, 'Database Revision Control...'). This ensures that the pointer is updated
accordingly.
3.
# ls -l $RTDIR/distrib/* | wc -l
# evstop
# cd $RTDIR/distrib/
# rm -r $RTDIR/distrib/*
# evstart
4.
Related solution: sk66575 (How to remove delete an Analyzer or SmartEvent database)
5.
6.
Remove old rotated FireWall logs from the $FWDIR/log/ directory on the Security Management
Server:
SecurePlatform / Gaia / Linux / IPSO OS:
# cd $FWDIR/log/
# ls -l *.log
This example removes all log files from year 2009:
# rm 2009*.log*
7.
8.
Remove any legacy compiled policies on Security Management Server for Security Gateways
that are no longer in production:
On the Security Management Server, within the $FWDIR/conf/ directory, there are subdirectories for
each managed Security Gateway. These subdirectories contain copies of the compiled policy.
For any Security Gateways that are no longer in production, delete the corresponding
subdirectory.
9.
[Expert@HostName]# rm -r /opt/CA/avengine/tmp/ArcTemp/*