Thursday, May 27, 2010

Script for auto deletion of the logs on Secureplatform / SPLAT


There is no way to configure your SPLAT box or UTM-1 appliance in a way, that only logs for the last X days were kept.
The only work-around would be to configure on the firewall object -> Logs and Masters -> Required Free Disc Space together with the option Do not delete log files from the last X days.
By configuring a very high value for required free disc space you could have the script run every day and with the other option prevent it from deleting the needed logs.
OR – you could implement a short script:
[Expert@fw1]# cat /usr/bin/del_logs.sh
#!/bin/bash
/usr/bin/find /var/log/opt/CPsuite-R65/fw1/*.log* -ctime +217 -print -exec rm -f {} \;

The parameter ctime is the amount of days for the logs to keep.
Run the script with cron:
[Expert@fw1]# crontab -l
# DO NOT EDIT THIS FILE - edit the master and reinstall.
# (/tmp/crontab.19431 installed on Mon May 10 10:21:33 2010)
# (Cron version -- $Id: crontab.c,v 2.13 1994/01/17 03:20:37 vixie Exp $)
42 11 * * * /usr/bin/del_logs.sh
50 2 * * 1,2,3,4,5,6,7 backup_util sched

Now you're able to delete the old logs as you like. If you backup your firewall or SmartCenter to your local disc, maybe you want to do this with your backups, too?

No comments: