Difference between revisions of "Fwd restart via CLI"
(!) |
|||
| Line 1: | Line 1: | ||
== Problem== | == Problem== | ||
| − | 1) A firewall is logging locally. | + | 1) A firewall is logging locally. Symptoms will include: |
| + | |||
A) No new logs are coming into the SmartCenter or CLM according to the SmartViewTracker or fw log command | A) No new logs are coming into the SmartCenter or CLM according to the SmartViewTracker or fw log command | ||
| + | |||
B) The $FWDIR/log/fw.log file is increasing in size on the firewall in question | B) The $FWDIR/log/fw.log file is increasing in size on the firewall in question | ||
2) There is not TCP log connection between the firewall fwd process and the log server / SmartCenter / CLM. | 2) There is not TCP log connection between the firewall fwd process and the log server / SmartCenter / CLM. | ||
| − | You should normally see an ESTABLISHED connection when running the following command on a firewall that is configured to log remotely. | + | You should normally see an ESTABLISHED connection when running the following command on a firewall that is configured to log remotely. |
| − | [Expert@chkpfw]# '''netstat - | + | [Expert@chkpfw]# '''netstat -anp | grep ":257" | grep -v -E "LISTEN|127.0.0.1"''' |
| − | tcp 0 0 172.16.0.254:48956 192.168.1.100:257 ESTABLISHED | + | tcp 0 0 172.16.0.254:48956 192.168.1.100:257 ESTABLISHED 31856/fwd |
| + | where 172.16.0.254 = local firewall address and 192.168.1.100 = remote log server address | ||
== Solution == | == Solution == | ||
| + | 1) Make sure fwd is running on the SmartCenter or other logger and that there is free disk space. | ||
| − | + | 2) Restart fwd on the firewall(s). | |
| + | '''command line fwd restart''' | ||
| − | + | '''start command''' | |
# cpwd_admin stop -name FWD -path "$FWDIR/bin/fw" -command "fw kill fwd" | # cpwd_admin stop -name FWD -path "$FWDIR/bin/fw" -command "fw kill fwd" | ||
| + | '''stop command''' | ||
# cpwd_admin start -name FWD -path "$FWDIR/bin/fw" -command "fwd" | # cpwd_admin start -name FWD -path "$FWDIR/bin/fw" -command "fwd" | ||
[[category:logging]] | [[category:logging]] | ||
Latest revision as of 23:09, 15 November 2013
Problem
1) A firewall is logging locally. Symptoms will include:
A) No new logs are coming into the SmartCenter or CLM according to the SmartViewTracker or fw log command
B) The $FWDIR/log/fw.log file is increasing in size on the firewall in question
2) There is not TCP log connection between the firewall fwd process and the log server / SmartCenter / CLM.
You should normally see an ESTABLISHED connection when running the following command on a firewall that is configured to log remotely.
[Expert@chkpfw]# netstat -anp | grep ":257" | grep -v -E "LISTEN|127.0.0.1" tcp 0 0 172.16.0.254:48956 192.168.1.100:257 ESTABLISHED 31856/fwd
where 172.16.0.254 = local firewall address and 192.168.1.100 = remote log server address
Solution
1) Make sure fwd is running on the SmartCenter or other logger and that there is free disk space.
2) Restart fwd on the firewall(s).
command line fwd restart
start command
# cpwd_admin stop -name FWD -path "$FWDIR/bin/fw" -command "fw kill fwd"
stop command
# cpwd_admin start -name FWD -path "$FWDIR/bin/fw" -command "fwd"
