[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [FW-1] Follow-up questions - Re: [FW-1] Management Station not listening on tcp/257
I have been browsing around the 'Net and according to Phoneboy's FireWall-1 FAQ, FW-1 4.1 processes should run as Administrator, NOT the Local System Account... Is this true, could this be the problem with the log daemon dying every two hours because of file locks?? I am more of a Unix guy than Windows so please excuse any ignorance of Windows systems accounts... Thanks in advance!! shawn pakkit at codepiranha dot org On Fri, 22 Aug 2003, Shawn Duffy wrote: > No, the only stations sending logs to the Management station are the 2 > Check Point modules... > > shawn > pakkit at codepiranha dot org > > On Fri, 22 Aug 2003, Mark Ward wrote: > > > do you have any of your cisco routers sending to the same station as well as > > I have seen instances where syslog messages from ciscos have messed with the > > log viewer > > ----- Original Message ----- > > From: "Shawn Duffy" <[email protected]> > > To: <[email protected]> > > Sent: Friday, August 22, 2003 5:47 PM > > Subject: [FW-1] Management Station not listening on tcp/257 > > > > > > > All: > > > > > > We have had a problem for quite a while in our environment and I am trying > > > desperately to fix it. Yes, we will be upgrading to NG soon, but this is > > > a very vital firewall so we are taking it very slowly. > > > > > > Anyway, here is the setup: > > > > > > Two HiAv Nokia 530s running FireWall-1 4.1 > > > One Windows 2000 4.1 Management station > > > > > > Every four hours or so, the manager stops listening on port 257 and, of > > > course, starts sending RSTs to the modules when they try to log. So we > > > end up restarting the manager and logging resumes. When it crashes, I am > > > seeing the following messages in the Application Logs on the Manager: > > > > > > FireWall-1: failed to read log header !!: The process cannot access the > > > file because another process has locked a portion of the file. > > > > > > There are a ton of these in the Event Viewer right around the time the > > > logging mechanism on the manager crashes and stops listening. > > > > > > Now, the firewall modules so send a TON of logs back to the manager, so is > > > it possible that it is simply the large amount of traffic that is crashing > > > the log daemon? > > > > > > Or, what processes could be simultaneously trying to access the file? > > > > > > Anyone seen this before? > > > > > > Thanks in advance! > > > > > > shawn > > > pakkit at codepiranha dot org > > > > > > ================================================= > > > To set vacation, Out-Of-Office, or away messages, > > > send an email to [email protected] > > > in the BODY of the email add: > > > set fw-1-mailinglist nomail > > > ================================================= > > > To unsubscribe from this mailing list, > > > please see the instructions at > > > http://www.checkpoint.com/services/mailing.html > > > ================================================= > > > If you have any questions on how to change your > > > subscription options, email > > > [email protected] > > > ================================================= > > > > > > > ================================================= > > To set vacation, Out-Of-Office, or away messages, > > send an email to [email protected] > > in the BODY of the email add: > > set fw-1-mailinglist nomail > > ================================================= > > To unsubscribe from this mailing list, > > please see the instructions at > > http://www.checkpoint.com/services/mailing.html > > ================================================= > > If you have any questions on how to change your > > subscription options, email > > [email protected] > > ================================================= > > > ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|