Re: [FW-1] Disk full. Logging stopped on all modules

Mon, 23 Feb 2009 03:31:00 -0800 

I've gotten a solution from CP now and it worked. Had to actually delete some 
files from $FWDIR/conf on the CMA. After a reboot it started working.

Regards,
Torkel

> -----Original Message-----
> From: Mailing list for discussion of Firewall-1 [mailto:FW-1-
> [email protected]] On Behalf Of Rajeev Gupta
> Sent: Sunday, February 22, 2009 4:34 PM
> To: [email protected]
> Subject: Re: [FW-1] Disk full. Logging stopped on all modules
> 
> I guess creating a dummy logserver object and asking the fw to log to
> it
> would have only complicated the issue. Here are some suggestions:
> 1. If dummy object still exists, delete your dummy logserver object in
> the
> GUI and make sure firewalls in the 'log server' tab, are pointing to
> log to
> their respective CMA and push policy afresh to ensure this
> configuration you
> had before the dummy logserver is pushed to the gateways
> 2. Log into one of the firewalls or all of them one by one to which you
> pushed policy above and check $FWDIR/conf/masters file -so it shows
> Logserver as pointing to the CMA
> 3. netstat -an | grep 257 and see where the log connection from the
> firewall
> is being attempted to and to which is it established - ( this would
> give you
> the clue to troubleshoot further). Most likely, when your CMA on P-1
> was not
> available to send logs to, the gateways would have been logging to
> themselves. Normally, they should resort to log back to logserver once
> it is
> available but it may help in situations as yours to kill fwd (ensure
> you
> choose the 'best practice' to kill 'fwd' - killing 'fwd' does not
> impact any
> traffic on the firewall) and start it back (but be prepared to
> 'cpstop/cpstart' the firewall in case 'fwd' does not come up
> gracefully.
> 4. Before killing 'fwd' step, you can do two more things - check your
> var/log/messages - to see if you have 'log buffer is full' kinda
> messages
> and second you can debug fwd process simultaneously on the CMA (in CMA
> env)
> and on the fw with 'fw debug fwd on/off' command - which would show you
> very
> clear messages of why and where
> 5. There is a possiblity w/ disk full, there is some file corruption w/
> $FWDIR/log directory on the CMA. You can stop the CMA, move everything
> from
> within /log directory out (do not move /log itself - only its
> contents),
> start the CMA - you may choose to take this as a first step or after
> debugging to see if logs start to work ...
> 
> hth,
> Rajeev
> 
> On Fri, Feb 20, 2009 at 7:38 PM, Torkel Mathisen
> <[email protected]>wrote:
> 
> > Hi,
> >
> > I got a problem today when our Provider-1 ran out of disk space in
> /var and
> > all logging stopped.
> >
> > I cleared up some old logfiles, but I can't seem to get logging
> working
> > again.
> >
> > I've also tried logswitch and log purge, but I get "Failed to
> connect".
> > This happens in both GUI and on CLI.
> >
> > I've also tried mdsrestart_customer, mdsstop/mdsstart, rebooted the
> server
> > and emptied the log directory. I also tried creating a dummy
> logserver
> > object and install the rulebase with that and then repush the
> rulebase with
> > the original logserver. Nothing worked.
> >
> > Anyone had that problem and know how to fix it?
> >
> >
> > Regards,
> > Torkel
> >
> > Scanned by Check Point Total Security Gateway.
> >
> > =================================================
> > To set vacation, Out-Of-Office, or away messages,
> > send an email to [email protected]
> > in the BODY of the email add:
> > set fw-1-mailinglist nomail
> > =================================================
> > To unsubscribe from this mailing list,
> > please see the instructions at
> > http://www.checkpoint.com/services/mailing.html
> > =================================================
> > If you have any questions on how to change your
> > subscription options, email
> > [email protected]
> > =================================================
> >
> 
> 
> Scanned by Check Point Total Security Gateway.
> 
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to [email protected]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [email protected]
> =================================================
IƧ��[�(^rC��{S�֥I�.�+r�^���

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

Reply via email to