The reason I send logs to both the CMA and the standalone log server is that I give the customer access to the standalone log server to view the log; customers do not have access to the CMA or Provider-1.

The Nokia has 1GB of RAM and over the past six months, CPU utilization has averaged 50% idle and memory utilization is at 600MB of free memory. "netstat -I ethx 8" shows no errors whatsoever. If you read my previous message, I did one step better than stopping the Check Point processes: I rebooted both Nokia boxes and repushed the policy, but still the same issue. If this is a bug, it is surely a nasty one.

Hugo van der Kooij <[EMAIL PROTECTED]> wrote:

On Sun, 17 Jun 2007, cisco4ng wrote:

> On the nokia, when I perform "netstat -an | grep 257", I can see
> established connectivity from the Nokia to both the CMA and log server
> and on the CMA, I can see logs coming from the Nokias. However, when I
> go into $FWDIR/log on the nokia, I can see that the fw.log keeps going
> up. The fw.log file is scheduled to rotate every 24 hours and that the
> average log file on the nokia is almost 500MB everyday. It seems like
> some of the logs never make it to the CMA and standalone log server.
> This has been going on for almost 5 months now.

Do the hard work. Export logs for a single day from all of them (both of the VRRP gateways, the CMA and the other log server). Then sit down and compare them to see if you have duplicate logs or complementing logs.

That is surely a time consuming business.

The logical step to me would be to eliminate the second log server, as having 2 log servers is twice the workload for the gateways. And with a normal VRRP setup I would expect that one gateway is handling the traffic and thus only one of them should have something interesting to log. The other should be near empty.

What does `vmstat 10 10` show you exactly? You may be overloading the units. Also check `netstat -ni` output for any errors.

Since this is all new to us we start again with doing the 101 checks to make sure you are not chasing ghosts. I have seen too many people step over network errors and try to find a complicated problem when the cause was there in their face all the time.

Ever read the newspaper by the light of a collision LED? That sure can not be the cause of applications timing out, everyone assured me. It must be something complicated like a bug. Right. ;-)

The bit which you may not like is that you may need to stop and start the Check Point processes to make sure the changes are properly executed. A rulebase install might not be enough to get rid of the secondary log server, for example.

Hugo.

--
[EMAIL PROTECTED]
http://hugo.vanderkooij.org/
This message is using 100% recycled electrons.

Some men see computers as they are and say "Windows"
I use computers with Linux and say "Why Windows?"
(Thanks JFK, for the insight.)

=================================================
To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your subscription options, email [EMAIL PROTECTED]
=================================================
