Checkpoint NG - log switching

[AtosJule]

Hi,

We are running Checkpoint NG FP2 and in the last week the automatic log switching that was set to happen at midnight is no longer ocurring. No settings have changed - only thing that seems related is that we had to restart the FW and since this point log switching only happens if done manually. Help????????

 

[rn4it]

What kind of OS is you CPFW management station on? NT,IPSO,Unix?

 

[AtosJule]

IPSO 3.7 - all running on the Nokia box. Looking forward to hearing your thoughts..

 

[rn4it]

go to access2networks.com go into their downloads section. Download their cleanup zip. Modify the files for your config basically IP's passwords. Create a cron job to run on whatever schedule you wish. That's what we do, no problems.

 

[mpaters]

This link " access2networks.com " is no longer available. Can any share this out?

thanks,
Mark paterson

 

[rn4it]

here you go,

http://a2n.can9.com/

when you type

http://access2networks.com

it will resolve to the above link. I have posting with the the clean up files in this forum going back a while ago. It may still be listed.

 

[rn4it]

Sorry I see what you mean, this file was origionally used on FW1-4.1, so they are probably not supporting it any more. I believe there is a Nokia TAC article on how to schedule these types of jobs within the IPSO 3.7 config/system config/job scheduler, this would be definately supported. These scripts work for me in my environment, I wouldn't load them with out testing them. Since they have been removed from their site I'll hold off uploading the scripts, look into the job scheduler in the IPSO.

 

[AtosJule]

Have found the job scheduler within Voyager and wandering what command will request log switching to occur at midnight.

 

[rn4it]

Here you go to logswitch 'fw logswitch $NAME-$DATE' without quotes and select daily. I haven't used the job scheduler, but after you apply the job you can probably set the time. If you create a script to FTP the logfile off it's pretty handy. Here is an example you can use, but it's not supported. good luck

fwmgmt[admin]# more fwlog-ftp
#! /bin/csh
#
# This file was created by Access 2 Networks.

http://www.access2networks.com

# The purpose of the file is to ftp log files to an FTP server.
#
# The next line reads in environment variables for this session.
#
source /var/etc/pm_cshrc
#
# The next line sets the environment variable for NAME and FWLOG.
#
setenv NAME `uname -n`
setenv FWLOG `date +%d%b%Y-%H`
#
# The next line changes directories.
#
cd /opt/CPfw1-50-04/log
#
# The next line zips up the files and then deletes the original log files.
#
#tar -cvzf /opt/CPfw1-50-04/log`uname -n`-`date +%d%b%Y-%H%M`-fwlog.tgz $NAME-$F
WLOG* |xargs rm -rf
#
# The next section opens an ftp session and puts the files onto the ftp server.
# It uses the .netrc file for the username and password for the ftp setting.
#
cd /opt/CPfw1-50-04/log
ftp -i <ip of ftp server> << HERE
binary
mput fwmgmt*
lcd /var/admin
put fwmgmt*
close
quit
HERE