Often, when a Check Point firewall loses connectivity with a CMA/MLM for a short period of time, it may quit sending logs. It will then log only locally on the firewall, to the $FWDIR/log/fw.log file. To check, note the size of this file (ls -al $FWDIR/log/fw.log), wait a few seconds, and list it again; if the file has grown, the firewall is logging locally. Also run a tcpdump on port 257, filtering on the MLM IP; this will show you whether it is sending logs.
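The file-size check described above can be scripted so that it samples fw.log several times instead of relying on two manual listings. This is an added example, not part of the original post; the function names and the MLM_IP placeholder address are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): decide whether the gateway is
# writing to its local fw.log by sampling the file size several times.
# Assumption: run in a Check Point shell where $FWDIR is set.

# Print the size of FILE in bytes, or 0 if it does not exist.
file_size() {
    if [ -f "$1" ]; then wc -c < "$1" | tr -d ' '; else echo 0; fi
}

# usage: growing_intervals FILE [SAMPLES] [INTERVAL_SECONDS]
# Print how many consecutive sample pairs showed the file getting larger.
# Comparing pair by pair means a log switch (file shrinks) is not counted as
# growth and does not hide growth seen in the other intervals.
growing_intervals() {
    file=$1; samples=${2:-4}; interval=${3:-5}
    prev=$(file_size "$file"); grown=0; i=1
    while [ "$i" -lt "$samples" ]; do
        sleep "$interval"
        cur=$(file_size "$file")
        if [ "$cur" -gt "$prev" ]; then grown=$((grown + 1)); fi
        prev=$cur; i=$((i + 1))
    done
    echo "$grown"
}

# Exit status 0 if the file grew in at least one interval.
is_logging_locally() {
    [ "$(growing_intervals "$@")" -gt 0 ]
}

# Stand-alone use on the firewall; skipped when $FWDIR is not set.
MLM_IP=${MLM_IP:-192.0.2.10}   # placeholder address, set to your MLM
if [ -n "${FWDIR:-}" ] && [ -f "$FWDIR/log/fw.log" ]; then
    if is_logging_locally "$FWDIR/log/fw.log"; then
        echo "fw.log is growing: the gateway is logging locally"
    else
        echo "fw.log did not grow during the sampling window"
    fi
    echo "Check the wire next: tcpdump -nn host $MLM_IP and port 257"
fi
```

A quiet gateway may produce no log records during a short window, so lengthen the sample count or interval before concluding that nothing is being written locally.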
Steps to fix logging locally:
1. Stop & Start the following:
cpwd_admin stop -name FWD -path "$FWDIR/bin/fw" -command "fw kill fwd"
cpwd_admin start -name FWD -path "$FWDIR/bin/fw" -command "fwd"
2. If that does not fix it, log in to the Provider-1 and then stop and start the MLM.
3. If that does not work, reboot the device.
Friday, February 27, 2009
Resolving Checkpoint Local Logging Issues
Labels: Checkpoint, Logging, Troubleshooting
What's the benefit of using cpwd_admin over a straight cpstop && cpstart?
cpwd is the watchdog that monitors entire daemons. It knows when dependencies are needed and starts those dependencies. If, for example, you start the cp daemon (cpstart) and one of its dependencies is not running, the process will fail. With cpwd, it will not. Basically it's a clean way to manage daemons.
Additionally, when processes are started with cpwd, the watchdog will monitor it and will restart dependencies if they are stopped. And it logs its events in the cpwd.elg.
There is another Checkpoint logging guide here: http://www.fir3net.com/Firewalls/Checkpoint/there-are-no-checkpoint-logs.html