On Sun, 17 Jun 2007, cisco4ng wrote:
> On the nokia, when I perform
> "netstat -an | grep 257", I can see
> established connectivity from the Nokia
> to both the CMA and log server and on the
> CMA, I can see logs coming from the Nokias.
> However, when I go into $FWDIR/log on the
> nokia, I can see that the fw.log keeps
> going up. The fw.log file is scheduled
> to rotate every 24 hours and that the
> average log file on the nokia is almost
> 500MB everyday. It seems like some of
> the logs never make it to the CMA and
> standalone log server. This has been
> going on for almost 5 months now.

Do the hard work. Export logs for a single day from all of them (both of
the VRRP gateways, the CMA and the other log server).

Then sit down and compare them to see if you have duplicate logs or
complementing logs. That is surely a time consuming business.

The logical step to me would be to eliminate the second log server as
having 2 log servers is twice the workload for the gateways.

And with a normal VRRP setup I would expect that one gateway is handling
the traffic and thus only one of them should have something
interesting to log. The other should be near empty.

What does `vmstat 10 10` show you exactly? You may be overloading the
units. Also check `netstat -ni` output for any errors.

Since this is all new to us we start again with doing the 101 checks to
make sure you are not chasing ghosts. I have seen too many people step
over network errors and try to find a complicated problem when the
cause was there in their face all the time.

Ever read the newspaper by the light of the collision LED? That sure can not
be the cause of applications timing out, everyone assured me. It
must be something complicated like a bug. Right. ;-)

The bit which you may not like is that you may need to stop and start the
Check Point processes to make sure the changes are properly executed. A
rulebase install might not be enough to get rid of the secondary log
server for example.

Hugo.
--
[EMAIL PROTECTED] http://hugo.vanderkooij.org/
This message is using 100% recycled electrons.
Some men see computers as they are and say "Windows"
I use computers with Linux and say "Why Windows?"
(Thanks JFK, for the insight.)
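
The comparison suggested in the reply above (which gateway log records show up on both log servers, which on only one, and which on none), sketched as an added example that is not part of the original message. It assumes each machine's log for the day was exported to semicolon-delimited text with a header row; the column names, host names and sample rows are all constructed.

```python
import csv
import io
from collections import Counter
from functools import reduce

# Assumed column names. "num" is left out of the key because every machine
# numbers the records in its own log file independently.
KEY = ("date", "time", "orig", "action", "src", "dst", "service", "s_port")

def load_export(text, delimiter=";"):
    """Count the events in one delimited export that starts with a header row."""
    rows = csv.DictReader(io.StringIO(text), delimiter=delimiter)
    return Counter(tuple(r.get(f, "") for f in KEY) for r in rows)

def compare(gateways, servers):
    """Per gateway: local events found on each server, on all of them, on none."""
    union = reduce(lambda a, b: a | b, servers.values(), Counter())
    report = {}
    for gw, local in gateways.items():
        entry = {"local": sum(local.values())}
        for name, remote in servers.items():
            entry["on_" + name] = sum((local & remote).values())
        on_all = reduce(lambda a, b: a & b, servers.values(), local)
        entry["on_all_servers"] = sum(on_all.values())        # duplicate logs
        entry["on_no_server"] = sum((local - union).values())  # never arrived
        report[gw] = entry
    return report

# Constructed sample exports (hypothetical hosts gw1, gw2, cma, logsrv).
HDR = "num;date;time;orig;action;src;dst;service;s_port\n"
E = ["17Jun2007;10:00:01;gw1;accept;10.0.0.5;192.0.2.10;80;40001",
     "17Jun2007;10:00:02;gw1;drop;10.0.0.6;192.0.2.11;23;40002",
     "17Jun2007;10:00:03;gw1;accept;10.0.0.7;192.0.2.12;443;40003",
     "17Jun2007;10:00:04;gw1;accept;10.0.0.8;192.0.2.13;25;40004",
     "17Jun2007;10:00:05;gw2;accept;10.0.0.9;192.0.2.14;53;40005"]

def export(events, first_num=0):
    """Build one export text, numbering records the way a single host would."""
    return HDR + "".join(f"{first_num + i};{e}\n" for i, e in enumerate(events))

GATEWAYS = {"gw1": load_export(export(E[:4])), "gw2": load_export(export(E[4:]))}
SERVERS = {"cma": load_export(export([E[0], E[1], E[4]], 100)),
           "logsrv": load_export(export([E[1], E[2]], 700))}

if __name__ == "__main__":
    for gw, entry in compare(GATEWAYS, SERVERS).items():
        print(gw, entry)
```

A high `on_all_servers` count means both servers are receiving the same records, while a high `on_no_server` count on the active gateway is the set of logs that never left the box.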