Increase the limit and rotate SSH log files in Checkpoint firewall


All modern operating systems provide extensive logging facilities, and Linux, on which Checkpoint products are based, is no exception. I am talking about the SSHD daemon logs here, not the Secure Rules logs. The SSHD logs, located in /var/log/, are rotated, and by default only 4 rotated log files are kept. I have found it very useful to keep SSH access logs for a longer period, especially when the client also has access to the firewall and makes changes on his/her own. To tune the SSH log rotation parameters, edit /etc/cpshell/log_rotation.conf (no need to restart anything):

    # cat /etc/cpshell/log_rotation.conf
        # File    max size    backlog
        # By default max size is 65536 bytes and backlog (how many files to retain) is 4, I usually change it to the values below:
        /var/log/messages 65536 256
        /var/log/routing_messages 64536 256
        /var/log/wtmp 65536 256
        /var/log/lastlog 262400 256
        /var/log/secure 64536 256
        $CPDIR/log/cpstart.log 1048576 4
        # Files after this line will not be shown by log command
        /var/log/CPbackup.elg 64536 4
        /var/CPbackup/log/backup_logs.elg 64536 4
        $FWDIR/log/fwd.elg 1048576 4
        $FWDIR/log/dtlsd.elg 1048576 4
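
An added example, not part of the original post: a small shell audit of the file format shown above. It reports each entry's backlog and rotated-history size (max size × backlog) and flags login-related logs whose backlog is below a chosen minimum. The three-field layout is assumed from the listing; the function names, the constructed sample file and the 256 threshold are illustrative.

```shell
#!/bin/sh
# Audit a log_rotation.conf-style file: "<path> <max size in bytes> <backlog>".
# Field layout is assumed from the listing above; lines starting with '#' are comments.

# Print "<path> <backlog> <max_size * backlog>" for every entry.
retention_report() {
    awk '$1 ~ /^#/ || NF < 3 { next }
         { printf "%s %d %d\n", $1, $3, $2 * $3 }' "$1"
}

# short_retention FILE MIN REGEX
# Print entries whose path matches REGEX and whose backlog is below MIN.
# Exit status is 1 if at least one such entry exists, 0 otherwise.
short_retention() {
    awk -v min="$2" -v re="$3" '
        BEGIN { bad = 0 }
        $1 ~ /^#/ || NF < 3 { next }
        $1 ~ re && $3 + 0 < min + 0 { print $1 " backlog=" $3; bad = 1 }
        END { exit bad }' "$1"
}

# Constructed sample: /var/log/secure left at the default backlog of 4.
write_sample() {
    cat > "$1" <<'EOF'
# File    max size    backlog
/var/log/messages 65536 256
/var/log/secure 65536 4
$CPDIR/log/cpstart.log 1048576 4
# Files after this line will not be shown by log command
$FWDIR/log/fwd.elg 1048576 4
EOF
}

sample=$(mktemp)
write_sample "$sample"
retention_report "$sample"
# Only the logs that record logins are held to the longer retention.
short_retention "$sample" 256 '^/var/log/(secure|wtmp|messages)$' ||
    echo "backlog below 256 for the entries listed above"
rm -f "$sample"
```

On the firewall itself, pass /etc/cpshell/log_rotation.conf to the two functions instead of the sample file.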

Follow me on https://www.linkedin.com/in/yurislobodyanyuk/ not to miss what I publish on LinkedIn, GitHub, blog, and more.