
Re: [FW1] log viewer doesn't display new log messages



Thanks David, I think that I have a key exchange problem, because with the command netstat -na I can't see a connection in the local address column that shows the remote fw address.
But why can I install the policies OK?
Regards.
Verónica.
----- Original Message -----
Sent: Wednesday, March 21, 2001 12:13 PM
Subject: Re: [FW1] log viewer doesn't display new log messages

1.  Does the management console have connections to the remote firewall modules?
     Go to a command prompt and run netstat -na.  Look for a connection in the local
     address column that shows the remote firewall address(es) connecting to your
     management console on port 257.  Also, check to be sure the management console
     is talking to the logging GUI interface on port 258 in the destination column.
 
2.  Check the firewall modules and see how big their log is.  If the file is growing, then
     that means the firewall module cannot communicate with the management console.
 
3.  There should be a file in the $FWDIR/log directory called fwd.log (firewall daemon log).
     View it (use tail if the file is particularly large).  This may contain information about the
     status of the firewall daemon and connecting to the management console.
 
4.  Check the file $FWDIR/conf/masters and be sure the management console is one of the
     IP addresses listed there.  On the management console, be sure that there is a clients file
     with the IP address(es) of your firewall(s).
 
5.  Try fwstop;fwstart to force the daemon to reattach to the management console.  Make
     sure the policy loads properly.  Check the management console or the firewall using
     netstat -na to be sure you have a connection on both sides.  If not, you may have a
     key exchange problem.  Use fw putkey to recreate your keys.
 
That's all I can think of right off the top of my head.
 
 
 
David C. Diemer, CCSE
Enterprise Security Firewall Engineer
Georgia Department of Administrative Services (DOAS)
200 Piedmont Ave. SE
Suite 1420, West Tower
Atlanta, GA  30334

>>> Verónica Fernández <[email protected]> 03/21/01 09:18AM >>>
Thanks, David, I understood you.
But you didn't give me a possible solution.
The PC wasn't shut down in a hard way, because we have a power problem. Maybe the log files were corrupted and that's why it doesn't update.
I still have the problem. The last thing that I tried was "fw logswitch", but it doesn't work.
 
Thanks.
Regards.
Verónica.
----- Original Message -----
Sent: Wednesday, March 21, 2001 10:19 AM
Subject: Re: [FW1] log viewer doesn't display new log messages

You need to understand that there are actually many parts to the management console:
     1.  policy management interacting with the policy GUI;
     2.  logging interacting with the firewalls and the log viewer GUI;
     3.  OPSEC interacting with 3rd party products like RealSecure;
     4.  CP MAD interacting with the logs and the firewalls;
     etc., etc., etc.
 
Anyway, when the logging piece is deactivated via shutdown, the log viewer would not
be able to connect to the management console nor would the management console
receive any updates from the remote firewall modules.  However, when the management
console is reactivated, it should reconnect to the firewalls and the firewalls should update
the console with the logs it saved locally on the remote firewall modules.
 
The rule of thumb is to NOT shut down the management console since it receives the logs
as well.  It is possible, however, to push the logs to another server, called the master
console, which only receives and processes logs.  It performs no other function such as
firewall management or OPSEC accounting, just logging.
 
 
David C. Diemer, CCSE
Enterprise Security Firewall Engineer
Georgia Department of Administrative Services (DOAS)
200 Piedmont Ave. SE
Suite 1420, West Tower
Atlanta, GA  30334

>>> Verónica Fernández <[email protected]> 03/21/01 06:58AM >>>
Hi everybody!!
Last week the PC where the management console of FW-I is installed (Windows 2000 Professional) shut down, and it was powered off for 7 days.
Yesterday I turned it on, and when I open the log viewer it only shows the messages from the 10th of March, the day that the PC was shut down, but not the newer ones.
I installed the policy from the management console and it runs well.
I shut down and turned on the FW-I (NOKIA IP650), and it was fine, but the logs are still not updated.
Do you know where the problem is? And how can I solve it?
Thanks.
Regards.
Verónica.
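
The netstat check from step 1 of David's list, scripted as an added example that is not part of the original thread: it reads saved `netstat -na` output and reports, per firewall module, whether an established port 257 session exists. The function names and all addresses are assumptions made for illustration, and the sample output is constructed.

```shell
#!/bin/sh
# Constructed sample of `netstat -na` output from a management console
# (Windows-style "IP:port" columns); every address here is made up.
SAMPLE_NETSTAT='  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:257            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:258            0.0.0.0:0              LISTENING
  TCP    192.0.2.10:257         192.0.2.1:1045         ESTABLISHED
  TCP    192.0.2.10:258         192.0.2.50:3120        ESTABLISHED
  TCP    192.0.2.10:139         192.0.2.2:1188         ESTABLISHED'

# fw_log_link NETSTAT_TEXT MODULE_IP   (hypothetical helper)
# Prints "connected" if an ESTABLISHED session with port 257 on one end
# has MODULE_IP on the other end, otherwise "missing". Handles both
# "IP:port" (Windows) and "IP.port" (BSD-style) address columns.
fw_log_link() {
    printf '%s\n' "$1" | awk -v ip="$2" '
        function port(a) { sub(/^.*[.:]/, "", a); return a }
        function host(a) { sub(/[.:][0-9*]+$/, "", a); return a }
        $NF == "ESTABLISHED" {
            l = $(NF-2); r = $(NF-1)   # local and foreign address columns
            if ((port(l) == "257" && host(r) == ip) ||
                (port(r) == "257" && host(l) == ip)) found = 1
        }
        END { print (found ? "connected" : "missing") }'
}

# check_modules NETSTAT_TEXT IP...   (hypothetical helper)
# Prints one status line per module; returns non-zero if any link is
# missing, which is the case step 5 of the list treats as a possible
# key exchange problem.
check_modules() {
    text=$1; shift; rc=0
    for ip in "$@"; do
        state=$(fw_log_link "$text" "$ip")
        echo "$ip port 257: $state"
        [ "$state" = connected ] || rc=1
    done
    return $rc
}

check_modules "$SAMPLE_NETSTAT" 192.0.2.1 192.0.2.2 ||
    echo "at least one module has no port 257 session"
```

Host comparison is exact, so a module at 192.0.2.1 is not confused with a console at 192.0.2.10, and a LISTENING socket on port 257 alone does not count as a connection.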


 
   All contents © 2004 Network Presence, LLC. All rights reserved.