Disabling Log Indexing

To save disk storage space, a Log ServerClosed Dedicated Check Point server that runs Check Point software to store and process logs. can be configured to work in non-index mode. If you disable log indexing, queries will take longer.

When log indexing is disabled, you must connect with SmartConsoleClosed Check Point GUI application used to manage a Check Point environment - configure Security Policies, configure devices, monitor products and events, install updates, and so on. to each Log Server separately to query its logs. When you connect to the Management ServerClosed Check Point Single-Domain Security Management Server or a Multi-Domain Security Management Server. you do not get a unified view of all logs, as in index mode. On each Log Server, the search is done on one log file at a time.

To disable Log Indexing:

  1. Open SmartConsole.

  2. From the Gateways & Servers view, double-click the Security Management ServerClosed Dedicated Check Point server that runs Check Point software to manage the objects and policies in a Check Point environment within a single management Domain. Synonym: Single-Domain Security Management Server. or Log Server object.

  3. From the navigation tree, click Logs.

  4. Clear the Enable Log Indexing option.

  5. Click OK.

  6. Publish the SmartConsole session.

  7. From Menu, select Install Database > select all objects > click Install.

To select a log file to search:

  1. Open Logs & Monitor > Logs view.

  2. Click the Options menu button to the right of the search bar.

  3. Select File > Open Log File.