
Re: [FW-1] log message queue is full


  • To: [email protected]
  • Subject: Re: [FW-1] log message queue is full
  • From: Kevin Martin <[email protected]>
  • Date: Mon, 4 Feb 2002 10:12:40 -0600
  • Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
  • Sender: Mailing list for discussion of Firewall-1 <[email protected]>
  • Thread-index: AcGtjbru39zvwxl7Eda9iADQt8hU6gACDyFQ
  • Thread-topic: [FW-1] log message queue is full

Knowledge base gives this information:

Cause: The log message queue keeps all the FireWall event logs until
FireWall-1 finishes processing them. If too many logs arrive in the
Message Log, then the buffer becomes full and the "FW-1 log message
queue is full" error message appears. This symptom is usually
encountered in loaded systems, or by FireWalls that handle many network
connections.

Solution: Run one or more of the following fixes (in the listed order),
until the problem is solved:

1. Increase the frequency of switching the log files (running "fw
logswitch").
2. Reduce the amount of traffic being logged. This includes "long" and
especially "accounting" entries.
3. Decrease the "Excessive Log Grace Period" (in the properties window
under the "Log and alert" tab), to a lower value (the default value is
62 seconds).
NOTE: The main drawback of setting the Excessive Log Grace Period to
zero is that your log would include similar packets received at
approximately the same time, while when it is set to a non-zero value,
they are hidden (see Managing FireWall-1 Using the OpenLook GUI p.104).
As a result your log would contain all packets, a fact that may increase
the size of your log file.
4. Give fwd a higher priority using the renice command. To achieve this,
give the FireWall-1 daemon a negative value, depending on your system's
load (its default priority is zero, like most of the processes). Avoid
changing it for a value that is lower than -5.
5. As a last resort you can implement the following workaround:
Issue the following commands:

FOR UNIX:

1. Add the following line to the end of the /etc/system file as follows:
set fw:fw_msg_q_max = 1024

2. Reboot.
Check that the size has been changed to 1024k (the default is 512k)
using the "fw_msg_q_max/X" command or by using "fw_msg_q_max ?" | adb -k
-w.

OR


Cause: The log message queue buffer is being overwhelmed with log
messages.

Solution: When too many log messages accumulate in the VPN-1/FireWall-1
kernel buffer, the log message queue reaches its size limit and error
messages appear. An exhausted CPU usage can also cause an OS panic.
According to Sun, the "ip_snmp_get2" error message is related to
applications involving heavy network traffic, which causes a memory
leak.

To resolve the issue, open the etc/system file, and add the following
lines (or increase existing parameter values, represented by hex
numbers):

1. set fw: fw_msg_q_max = 0x10000
By default, this parameter is set to 0x200. There is no danger in
increasing fw_msg_q_max as much as needed, if 0x10000 did not resolve
the problem.

2. set fw: fw_log_bufsize = 0x80000
By default, this parameter is set to 0x14000. The fw_log_bufsize can be
increased to 512K (0x80000).

3. Reboot the machine

Good luck.


Kevin Martin            [email protected]
Stafford Trading Inc.   Chief Security Officer
Chicago, IL  60604      TEL230 S. LaSalle, Ste. 688



-----Original Message-----
From: Jesus Corrales - Soporte de Sistemas
[mailto:[email protected]]
Sent: Monday, February 04, 2002 8:55 AM
To: [email protected]
Subject: [FW-1] log message queue is full


> Hi.... the motive of present is for request support with a problem
> that this registering in my platform FW-1. This registering the
> message:
>
> Oct 14 20:53:20 firewall unix: FW-1: log message queue is full
> Oct 14 21:14:02 firewall unix: FW-1: lost 512 log/trap messages.
>
> Please of indicating myself if this message takes place(is produced)
> for insufficient memory RAM of my equipment(team) SUN or for another
> motive Thank you  Jesus

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================
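
Added example, not part of the original post and not Check Point code: a shell/awk filter that measures how much logging the firewall dropped per day, using the two syslog messages quoted in the question, so the audit gap can be sized before and after applying the fixes above. The function names are hypothetical, and only the first two sample lines come from the thread; the rest are constructed.

```shell
#!/bin/sh
# Summarise FireWall-1 log-queue overflow from syslog text on stdin.
# Output, one line per day:  <Mon> <DD> queue_full=<n> lost=<total>
fw1_queue_loss() {
    awk '
    function note(d) { if (!(d in seen)) { seen[d] = 1; order[++n] = d } }
    / FW-1: log message queue is full/ {
        day = $1 " " $2; note(day); full[day]++
    }
    / FW-1: lost [0-9]+ log\/trap messages/ {
        day = $1 " " $2; note(day)
        # The count is the field that follows the word "lost".
        for (i = 1; i < NF; i++)
            if ($i == "lost") { lost[day] += $(i + 1); break }
    }
    END {
        for (i = 1; i <= n; i++) {
            d = order[i]
            printf "%s queue_full=%d lost=%d\n", d, full[d], lost[d]
        }
    }'
}

# Exit non-zero when any single day lost more than $1 messages
# (suitable for a cron job or monitoring check).
fw1_loss_exceeds() {
    fw1_queue_loss | awk -v max="$1" '
        { split($NF, kv, "="); if (kv[2] + 0 > max + 0) bad = 1 }
        END { exit bad + 0 }'
}

# Sample input: lines 1-2 are quoted in the thread, lines 3-5 are constructed.
sample_log() {
cat <<'EOF'
Oct 14 20:53:20 firewall unix: FW-1: log message queue is full
Oct 14 21:14:02 firewall unix: FW-1: lost 512 log/trap messages.
Oct 14 21:20:11 firewall unix: FW-1: lost 230 log/trap messages.
Oct 15 02:01:45 firewall unix: FW-1: log message queue is full
Oct 15 02:01:47 firewall sendmail[411]: unrelated line
EOF
}

sample_log | fw1_queue_loss
```

On a real host, feed it the system log file instead of `sample_log`; every lost message is a connection record missing from the firewall log.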




 
   All contents © 2004 Network Presence, LLC. All rights reserved.