The size of the SAM records file on the Security Gateway / Cluster member(s) -
$FWDIR/log/sam.dat - has exceeded a hard-coded limit of 5 MB.
The SAM records file contains all requests sent to the Security Gateway including obsolete requests. Purging these obsolete requests from the file decreases its size.
- The FWD module stores the Suspicious Activity Monitoring (SAM) rules received from the FWM module in the
$FWDIR/log/sam.dat file in a binary format.
- SAM rules are pushed to the Check Point kernel when they are received, as well as after policy installation and as part of FWD module initialization (to ensure that they remain active after system restarts).
- Security Gateway acts as a SAM Server.
- Management Server acts as a SAM Client.