[FW-1] **odd logging issues on IPSO FW-1 NGAI**

Subject:	[FW-1] odd logging issues on IPSO FW-1 NGAI
From:	"Lockwood, Robert (R.)" <rlockwo2 AT FORD DOT COM>
To:	FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date:	Mon, 23 Aug 2004 11:18:57 +0100

Hi Group.

Has anyone ever encountered problems with Nokia IPSO/FW-1 NGAI, where the 
CheckPoint logs store both locally (on the enforcement modules) and on a remote 
FW-1 logging server? 

We are seeing the local $FWDIR/log/fw.log growing rapidly and impacting on the 
Nokia system performance (direct or indirect impact?). The settings in the 
SmartDash GUI are configured for remote logging only and the observed behaviour 
is not desired. 

The firewall is reasonably loaded during peak business hours, but has 
reasonable memory and CPU speed. I suspect that the logging issue is impacting 
on the system.
I do not want to reduce the logging for security and diagnostic reasons, so 
really need to understand why the local logging is occurring.

It has been suggested that the system may be maxing out and that a larger unit 
may need to be deployed, but I want to remove this log issue to start with.

 - The bandwidth to the logging server is believed not to be an issue - the log 
data traverses an out-of-band network that isn't busy. 

 - The log server has adequate storage and is on a powerful Unix system.

 - A "netstat -an | grep 257" shows an ESTABLISHED  tcp connection open to the 
log server.

 - The log server is receiving and recording log data successfully.

 - The logging buffers on the Nokia are set to the standard size (the system 
has not been modzapped) - I am not sure whether they are reaching their bounds 
or not.

Thanks for you help!

Regards, 

Rob

Robert Lockwood, CISSP.


=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================

<Prev in Thread]	Current Thread	[Next in Thread>
[FW-1] odd logging issues on IPSO FW-1 NGAI, Lockwood, Robert (R.) <= Re: [FW-1] odd logging issues on IPSO FW-1 NGAI, Zeltser, Roman Re: [FW-1] odd logging issues on IPSO FW-1 NGAI, Lockwood, Robert (R.) Re: [FW-1] odd logging issues on IPSO FW-1 NGAI, Lockwood, Robert (R.)

Previous by Date:	Re: [FW-1] Upgrade from NG FP3 to NG with AI easy?, Ray
Next by Date:	Re: [FW-1] odd logging issues on IPSO FW-1 NGAI, Zeltser, Roman
Previous by Thread:	[FW-1] Retransmitted data does not match original data error??, jacob c
Next by Thread:	Re: [FW-1] odd logging issues on IPSO FW-1 NGAI, Zeltser, Roman
Indexes:	[Date] [Thread] [Top] [All Lists]