Thanks Reinhard, you're the greatest! :-)
-----Original Message-----
From: Reinhard Stich [mailto:r.stich AT INTERNET-SECURITY DOT AT]
Sent: 21 November 2003 11:21
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: Re: [FW-1] Enlarging NG log message queue.
The easiest way to fix this error is to reduce the amount of logging. Is
the management server on Solaris and the Firewall is on a Nokia? Or do you
have Solaris mgmt as well as firewall? There is a modzap utility for
increasing the log buffer size on the Nokia boxes.
Here's the information for increasing the log buffer size on Solaris:
When too many log messages accumulate in the VPN-1/FireWall-1 kernel
buffer, the log message queue reaches its size limit and error messages
appear. An exhausted CPU usage can also cause an OS panic.
To resolve the issue, make a backup copy of the /etc/system file, then
open the /etc/system file, and add the following lines (or increase
existing parameter va lues, represented by hex numbers):
1. set fw: fw_msg_q_max = 0x10000
By default, this parameter is set to 0x200. There is no danger in
increasing fw_msg_q_max as much as needed, if 0x10000 did not resolve
the problem.
2. set fw: fw_log_bufsize = 0x80000
By default, this parameter is set to 0x14000. The fw_log_bufsize can be
increase d to 512K (0x80000).
3. Reboot the machine
cheers
reinhard
At 11:33 21.11.2003, you wrote:
>Hi,
>
>Quick question (hopefully!): Does anyone know how to increase the kernel
>logging buffer to avoid messages like this:
>
>Nov 20 14:02:14 mb-fw fw: [ID 209021 kern.notice] FW-1: lost 1024 log/trap
>messages
>Nov 20 14:02:14 mb-fw fw: [ID 773370 kern.notice] FW-1: log message queue
is
>full
>
>Error messages like this occur repeatedly (endlessly) in the
>/var/adm/messages file. A large amount of logging is being done, which we
>need, so can't turn off. I think that NG must be filling an internal kernel
>mode buffer before the user mode logging process can empty it. Does anyone
>know whether this can be enlarged?
>
>Thanks in advance,
>--
>Gareth Randall
>Internet Security Consultant <internet.security AT uk.easynet DOT net>
>
>=================================================
>To set vacation, Out-Of-Office, or away messages,
>send an email to LISTSERV AT amadeus.us.checkpoint DOT com
>in the BODY of the email add:
>set fw-1-mailinglist nomail
>=================================================
>To unsubscribe from this mailing list,
>please see the instructions at
>http://www.checkpoint.com/services/mailing.html
>=================================================
>If you have any questions on how to change your
>subscription options, email
>fw-1-owner AT ts.checkpoint DOT com
>=================================================
--
Reinhard Stich, ASSIST R.Stich AT internet-security DOT at
Internet Security AG, 1150 Wien, Johnstrasse 29
Tel: +43 1 3709440 RS784-RIPE Fax: +43 1 3709440-10
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
|
