Smart Event (Intro) Database self destruction

So Smart Event Intro this time:

When I returned from Christmas holiday and started Smart Event Intro it greeted me with:

Emptyness ;)

As this was not the first time I had issues with Smart Event Intro (this post can be applied 1:1 to Smart Event) I went to “Policy -> Database Status just” to find out it had shrunk itself to a healthy and FULL 15 Megabytes:

database full

When I searched Checkpoint KB for “smart event database” I saw 8 results and none of them  really described how Smart Event (Intro) handles the database. If you search hard enough you might find sk69706 that describes how to adjust the maximum database size.

But this is clearly not an issue of the max. Database size is it? However the sk points you to the right Database Table: “abacus_db_mgmt db_mgmt_properties”

If you search for this in GUIDBedit you will find this database table and be able to see its other entries:

db settings

Down there you will find the value “free_size_threshold” which is the free disk space threshold in percent at which Smart Event (Intro) will start to shring its database to a miserable death to preserve the free disk space threshold.

As we have 1TB Storage in our management station Smart Event Intro will start to commit database suicide and delete all your past events out of its database. Original logfiles under $FWDIR/logs will stay untouched but thats not really a help if you have to administrate an IPS is it?

So when I reduced this value to 5%, which are still 50GB of free diskspace for us, and restarted Smart Event Intro with “evstop;evstart” Smart Event startetd to repopulate the database (I think even with old events again):

smart event db normal

So you might argue that this is not a “self destruct” but a “self preservation” to keep your Firewall Management intact. However I think Checkpoint lost focus on integration (which makes Checkpoint Management so superior) a bit when they introduce yet another blade every year.

If you have quite a decent Open Server platform you can easily run fwm, smart event and smart log side by side on it. Sadly the SmartDashboard management server object only has settings for Log Disk Space consumption and Limits.

Wouldn’t it be nice if the management would display Disk Space preservation thresholds for every blades database you activate at one spot and coordinate your entire management’s disk space thresholds in one place? Surely would not be that complicated from a programming perspective, would it?

Regards
Sebastian

Advertisements

About SebastianB

read it in my blog
This entry was posted in Checkpoint and tagged , , , , . Bookmark the permalink.

2 Responses to Smart Event (Intro) Database self destruction

  1. Pingback: SmartLog not so smart – stops logging | IT-Unsecurity

  2. Dreezman says:

    I agree. CP has too many blades in the fire and has forgotten about system integration, QA, stability on their core product suite (fw, logging, mgt).

    I sure feel sorry for their helpdesk and SE’s, that has to be a bitch of a job supporting 1 billion blades. “Yeah Frank, Version 75.47 HF 20 of the GRC blade faulted and brought down our ,SmartCenter and corrupted the database and on the re-build we had to re-SIC the firewalls except this one firewall our main one won’t re-SIC so we can’t manage it….blah blah blah”.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s