Re: [FW1] log viewer doesn t display new log messages

[David C. Diemer]

1.  Does the management console have connections to the remote firewall modules?      Go to a command prompt and run netstat -na.  Look for a connection in the local      address column that shows the remote firewall address(es) connecting to your      managment console on port 257.  Also, check to be sure the managment console      is talking to the logging GUI interface on port 258 in the destination column.   2.  Check the firewall modules and see how big their log is.  If the file is growing, then      that means the firewall module cannot communicate with the management console.   3.  There should be a file in the $FWDIR/log directory called fwd.log (firewall daemon log).      View it (use tail if the file is particularly large)  This may contain information about the      status of the firewall daemon and connecting to the management console.   4  Check the file $FWDIR/conf/masters and be sure the management console is one of the      IP addresses listed there.  On the management console, be sure that there is a clients file      with the IP address(es) of your firewall(s).   5  Try fwstop;fwstart to force the daemon to reattach to the management console.  Make      sure the policy loads properly.  Check the management console or the firewall using      netstat -na to be sure you have a connection on both sides.  If not, you may have a      key exchange problem.  Use fw putkey to recreate your keys.   That's all I can think of right off the top of my head.       David C. Diemer, CCSE Enterprise Security Firewall Engineer Georgia Department of Administrative Services (DOAS) 200 Piedmont Ave. SE Suite 1420, West Tower Atlanta, GA  30334 [EMAIL PROTECTED] (V) 404.651.9677 (F) 404.656.0421 >>> Ver�nica Fern�ndez <[EMAIL PROTECTED]> 03/21/01 09:18AM >>> Thanks, David I understanded you. But you didn�t give me a possible solution. The pc wasn�t shutdown in hard way, because we have power problem. Maybe the log files were corrupted and that why it doesn�t update. I goes on with the problem. The last that I tried was "fw logswitch", but it doesn�t work.   Thanks. Regards. Ver�nica. ----- Original Message ----- From: David C. Diemer To: [EMAIL PROTECTED] ; [EMAIL PROTECTED] Sent: Wednesday, March 21, 2001 10:19 AM Subject: Re: [FW1] log viewer doesn t display new log messages You need to understand that there are actually many parts to the management console:      1.  policy management interacting with the policy GUI;      2.  logging interacting with the firewalls and the log viewer GUI;      3.  OPSEC interacting with 3rd party products like RealSecure;      4.  CP MAD interacting with the logs and the firewalls;      etc., etc., etc.   Anyway, when the logging piece is deactivated via shutdown, the log viewer would not be able to connect to the management console nor would the management console receive any updates from the remote firewall modules.  However, when the management console is reactivated, it should reconnect to the firewalls and the firewalls should update the console with the logs it saved locally on the remote firewall modules.   The rule of thumb is to NOT shutdown the management console since it receives the logs as well.  It is possible, however, to push to logs to another server, called the master console, which only receives and processes logs.  It performs no other function such as firewall management or OPSEC accounting, just logging.     David C. Diemer, CCSE Enterprise Security Firewall Engineer Georgia Department of Administrative Services (DOAS) 200 Piedmont Ave. SE Suite 1420, West Tower Atlanta, GA  30334 [EMAIL PROTECTED] (V) 404.651.9677 (F) 404.656.0421 >>> Ver�nica Fern�ndez <[EMAIL PROTECTED]> 03/21/01 06:58AM >>> Hi everybody!! Last week the pc where is isntalled the management console of FW-I (windows 2000 professional) , shutdown and it was 7 days power off. Yesterday I turns it on and when I open the log viewer it only shows the messages from the 10 of March, the day that the pc was shutdown, but not the newer. I installed the policy from the console management and it runs good. I shutdown and turn on the FW-I (NOKIA IP650), and it was good, but the logs goes on not updated. Do you know where is the problem?? And, how can I solve it?? Thanks. Regards. Ver�nica.