Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW1] FW logging

To: [email protected]
Subject: Re: [FW1] FW logging
From: Juan Concepcion <[email protected]>
Date: Tue, 18 Sep 2001 11:32:27 -0400
Cc: [email protected]
In-reply-to: <000b01c1401a$f74cafd0$5f060b0a@ukluk000>; from [email protected] on Tue, Sep 18, 2001 at 04:21:50 -0400
References: <000b01c1401a$f74cafd0$5f060b0a@ukluk000>
Sender: [email protected]

Look under the $FWDIR/log directory and do a search through the fwd.elg. 
My guess is that your going to see enteries to the effect of "Log server
went down", if you see this then there are connectivity problems between
the mgmt station and the remote fw's.
-- 
Juan Concepcion
Network Security Engineer
CCSA/CCSE
[email protected]


On 2001.09.18 04:21 Richard Marshall wrote:
> 
> Hello Gurus,
> 
> 
> I'm hoping that you may have some suggestions on the following problem...
> 
> I'm running an enterprise system with a managment server behind a pair of
> HA
> IP440's (SP-2 IPSO 3.2) and have 5 other IP330's (some on 3.2/SP-2 some
> on
> 3.3/SP-3).
> 
> The managment server displays only the logs from the cluster but not the
> other walls. running TCP dump suggests that the logs are reaching the
> managment server but they're simply not being displayed. Sometimes the
> log
> viewer even shows the receipt of FW1_log from the other walls.
> 
> What is particurlarly strange is that at one point (though no longer) if
> i
> ran fwlogswitch on an IP330 and bounced the wall then the managment
> server
> started to display the logs for that wall, and then stop. Sometimes after
> less than an hour, sometimes for more than this.
> 
> I have never seen the cluster and more than one of these other walls
> logging
> at the same time.
> 
> Obvisouly this is not helpful, especially as i need to export, and ftp
> the
> logs from the other walls if i need to view them.
> 
> I once remember seeing a resolution (i think on the nokia site) with a
> solution to a similar problem to this - though the solution didn't work
> in
> my case, and i can't find the res. any more
> 
> Do you have any ideas on what is happening to the logs? I'm think that it
> is
> something to do with the managment server, but even this i'm not sure of.
> (managment is on NT4, fw4.1 SP-2, cluster walls have invalid IP's facing
> the
> managment server, all other walls have valid IP's btw)
> 
> Thanks in advance for any suggestions!
> 
> regards
> 
> rich :)
> 
> 
> Richard Marshall
> Network Systems Analyst
> NetDoktor
> Tel: + 44 20 7681 8470
> Mobile: + 44 7980 865 306
> MSN Messenger: [email protected]
> E-mail: [email protected]
> http://www.netdoktor.com
> -----------------------
> 
> 
> 
> 
> ================================================================================
>      To unsubscribe from this mailing list, please see the instructions
> at
>                http://www.checkpoint.com/services/mailing.html
> ================================================================================
> 
> 


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

References:
- [FW1] FW logging
  - From: "Richard Marshall" <[email protected]>

Prev by Date: [FW1] Checkpoint v4.1 SP5
Next by Date: RE: [FW1] FW: Interface on 2000
Previous by thread: [FW1] FW logging
Next by thread: [FW1] fw1.at.conf
Index(es):
- Date
- Thread