Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] questions about log

To: [email protected]
Subject: Re: [FW-1] questions about log
From: Scott Friedman <[email protected]>
Date: Tue, 26 Feb 2002 10:17:29 -0500
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

first - expand the width of the "Info" column, it provides info that
will help find out why it's being rejected - could be a SynDefender drop
possibly..

Second - See which rule is dropping it, the allowing HTTP rule
(unlikely) or the cleanup (last rule, any any any drop)...  if it hits
the cleanup rule, then your rule allowing traffic to it earlier in the
rulebase isn't being matched for some reason.

Third - you can't set a Max size, it will continue to log your rules
that you have set to Track (long, short, account) no matter what, to
$FWDIR/log - use a cron job (Unix/Linux) or AT command scheduler
(NT/2000) to run fw logswitch as needed (daily, hourly, weekly)

Keep the log file under 200MB so your log viewer isn't slow as
molasses.

Scott J. Friedman, MCSE CCSE CCNA
Security Engineer
Ideal Technology Solutions, Inc
Email : [email protected]
Phone :>>> [email protected] 02/26/02 06:56AM >>>
Hi everyone

As newbie being a firewall-1 administrator,I check the log (log
viewer)
everyday.I have some questions.

first
I have set no reject actions in the rulebase.(The default rule's
action
is drop) but in the log,I found rejected action recorded.Why?

Second
I let a network to access my web server.But in the log,I found all the
access from the hosts in that network have been droped (the service
type
is http).Why?

Third
Can someone tell me how to control the size of log file?(For example,I
can set the max size.)I heard that if the file is larger than the
space
of the disk,firewall will crush.

Thanks in advance

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

Prev by Date: Re: [FW-1] IP POOL for SecuRemote connection with client side NAT Fails
Next by Date: [FW-1] Account, do nothing
Previous by thread: Re: [FW-1] questions about log
Next by thread: [FW-1] free FTP-Proxy for Solaris 8 ?
Index(es):
- Date
- Thread