Re: [FW1] strange messages

Robert MacDonald Tue, 27 Jun 2000 09:22:28 -0700

Wolfgang,

Was your firewall mgt server down for a short time?

I had noticed the same thing and did some testing to see
what caused it. This was the simple part. I had to restart 
my fw mgt server. When I restarted the GUI log, I saw
this event in the log. On the fw mgt server console, I saw
the other messages(Connection broken...)

If you try this(fwstop/fwstart on mgt server), you will
also re-produce this log entry and messages.

You're most likely running some add-on, which is using
port 18184, etc.(I'm using WebTrends) which has
an established connection with the mgt server. Once
it's broken, it can no longer get info to the mgt server
and so logs it locally. When the connection is
re-established, it will send any local log entries(for the
addon service) to the mgt server.

I was able to see how many times this had happened
by filter the log on the action column. Check all of the
items in the action section and then choose
"Not in", since there isn't a check box for 'act31'.

You will also see(unfiltered) some 'ctl' actions before
and after the 'act31' record.

The log file entry is unique. The top appears to be the
actual log entry(binary info). And the rest of it appears
to be different formats of the logs file. Research time.

My guess is, this info is fed from the add-on service
through an API that CP/OPSEC has defined.

Robert

- -
Robert P. MacDonald, Network Engineer
e-Business Infrastructure
G o r d o n   F o o d    S e r v i c e
Voice: +1.616.261.7987 email: [EMAIL PROTECTED]

>>> Scholz Wolfgang <[EMAIL PROTECTED]> 6/26/00 11:00:38 AM >>>
>
>hi everybody
>
>i upgraded fw1 on a solaris sparc machine from 4.0 to 4.1 sp1 which acts as
>the management station and firewall module (enterprise center). when i start
>the firewall everything goes ok but after a short time i see strange
>messages on the console. "Connection broken while communicating with
>localhost for fwn1_opsec" . Also in the log viewer i see strange entries
>from the ela server. the action is act31 the product is ela proxy and in the
>info column the message appears "message: redirected 2 logs to to local file
>ela_06262000_145712 under /opt/CPfw1-41/log". anybody seen this too ?? and
>what s wrong ??
>
>regards
>
>wolfgang




================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================
Re: [FW1] strange messages

Reply via email to
