Thursday, May 5, 2016

How to calculate the log rate on Check Point

To estimate the disk space required for the Check Point log file, we can measure how fast the log file grows, in bytes per second, over a certain period of time and use this value to calculate the required space.

This is done on the Security Management or the log server.

This is how it is done:

Go to the log directory:

cd $FWDIR/log

Check the size of the file fw.logptr (SIZE_BEFORE):

ls -l fw.logptr

Wait for a period of time (SLEEP_TIME)

Check the size of the file again (SIZE_AFTER)

Then use the following formula to get the bytes per second rate:

RATE = ( SIZE_AFTER - SIZE_BEFORE ) / ( 4 * SLEEP_TIME )

Here is a sample bash script to automate this calculation:

Create a directory under /home called scripts:

mkdir /home/scripts

Create a new file in this directory:

vi /home/scripts/LogRateCalc

Copy this script into the newly created file:

#!/bin/sh
# Print log rate data on Security Management
LOGPTR="$FWDIR/log/fw.logptr"
INFO=/home/scripts/LogRateInfo
echo "Check Point Log rate calculation"
echo " "
echo "Enter the required period of time (in seconds) to calculate the rate:"
read SLEEP_TIME
# Reject empty, non-numeric or zero input (it would cause a division by zero below)
case "$SLEEP_TIME" in
    ''|*[!0-9]*) echo "Please enter a whole number of seconds"; exit 1 ;;
esac
[ "$SLEEP_TIME" -gt 0 ] || { echo "The period must be greater than 0"; exit 1; }
echo " "
echo "Started at $(/bin/date +%d-%b-%Y_%Hh-%Mm-%Ss)" | tee -a "$INFO"
echo "Please wait for $SLEEP_TIME seconds..."
# Size of fw.logptr in bytes (5th column of ls -l) before and after the wait
SIZE_BEFORE=$(ls -l "$LOGPTR" | awk '{print $5}')
sleep "$SLEEP_TIME"
SIZE_AFTER=$(ls -l "$LOGPTR" | awk '{print $5}')
# RATE = ( SIZE_AFTER - SIZE_BEFORE ) / ( 4 * SLEEP_TIME )
RATE=$(( (SIZE_AFTER - SIZE_BEFORE) / (4 * SLEEP_TIME) ))
echo "the log rate for this management unit is:"
echo "$RATE bytes per second" | tee -a "$INFO"
# Convert bytes per second to MB per day
STR=$(( RATE * 60 * 60 * 24 / 1024 / 1024 ))
echo " "
echo "You will need $STR MB per day"
echo "Finished at $(/bin/date +%d-%b-%Y_%Hh-%Mm-%Ss)" | tee -a "$INFO"
exit 0

Save it, and change the file mode:

chmod 775 /home/scripts/LogRateCalc

Execute the script:

/home/scripts/LogRateCalc


Note that this script also creates a file under /home/scripts called LogRateInfo, which records each log rate check along with its start and end time and date.
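
An added example (not part of the original post): the same RATE formula averaged over several samples, so that one short window does not decide the disk size. It assumes that a drop in the size of fw.logptr means the file was recreated (for example by a log switch) and skips that interval; the function names and the sample values are constructed for illustration.

```sh
#!/bin/sh
# Added example, not the original author's script.
# Input to log_rate: one sample per line, "<epoch_seconds> <size_of_fw.logptr_in_bytes>".

# log_rate: RATE = sum(size growth) / (4 * sum(seconds)) over the usable intervals.
# An interval where the size shrank is skipped (assumption: file was recreated).
log_rate() {
    awk '
        NR > 1 && $2 >= prev_size && $1 > prev_time {
            bytes += $2 - prev_size
            secs  += $1 - prev_time
        }
        { prev_time = $1; prev_size = $2 }
        END {
            if (secs == 0) { print "no usable interval" > "/dev/stderr"; exit 1 }
            printf "%d\n", bytes / (4 * secs)
        }'
}

# mb_per_day RATE: same conversion as the script above.
mb_per_day() { echo $(( $1 * 60 * 60 * 24 / 1024 / 1024 )); }

# required_mb RATE DAYS: space needed to keep DAYS days of logs.
required_mb() { echo $(( $(mb_per_day "$1") * $2 )); }

# Constructed samples: four readings one minute apart, with the file
# recreated between the second and third reading.
SAMPLES='1000 400000
1060 448000
1120 12000
1180 60000'

rate=$(printf '%s\n' "$SAMPLES" | log_rate)
echo "$rate bytes per second"
echo "$(mb_per_day "$rate") MB per day"
echo "$(required_mb "$rate" 30) MB for 30 days"
```

To use real data, collect the samples with `ls -l $FWDIR/log/fw.logptr` at fixed intervals and pipe the timestamp and size pairs into log_rate.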
