SmartEvent log handling too slow for Check Point

Vendor

Check Point

Description

If SmartEvent can't handle logs fast enough a backlog may occur, or the storage fills up. Indeni will track the log handling by SmartEvent and alert if it's too slow.

Remediation Steps

Contact your technical support provider, mention SK92766.

How does this work?

Count the number of files in $RTDIR/distrib if it exists and determine if the number is too high.

Why is this important?

Too many files in the folder $RTDIR/distrib, could indicate an issue with the SmartEvent and SmartLog products. More information is available in the following Check Point KB articles: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk93970 https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk60080 https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk92766

Without Indeni how would you find this?

An administrator could login and manually count the files.

View Source Code
single