Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

To the "oldies": Question about 4.0 Log Viewer

Status
Not open for further replies.
dalecooper

dalecooper

Technical User
Nov 5, 2002
36
0
0
DE
What can I do, if the logviewer shows the wrong name for the interface on which a logged event took place?

I checked the firewall object, it has the interfaces correctly named, but the logviewer confuses eth-s3p3c0 and s1p4c0 for example and sometimes it lists an interface named "if9" that's not even there.

Any ideas appreciated
 
Sort by date Sort by votes
I don't recall seeing that, check great site for CP FW1 4.1. You may want to try recreating the object and doing a get. What does your CP fW sit on? You will want this working properly otherwise it may cause other problems
 
Upvote 0 Downvote
Thanks for answering. FW-1 is running on a Nokia. I know Phoneboy, of course and the FW-1 mailinglist, but I couldn't find anything there either. I &quot;inherited&quot; this installation and the firewall is working fine, everyone else is just ignoring the interface names, but I consider them important and want to solve this <s>
 
Upvote 0 Downvote
Do you have support with Nokia? they have a pretty good knowledge base I'll take a look in case you don't, but you may want to get some basic support, even if it's just a one time call. If Checkpoint is not pulling the interfaces correctly then it could lead to other problems.
 
Upvote 0 Downvote
The Nokia support contract ran out before I started this job. Money is an issue so they didn't renew it *sigh* AFAIK I can sign into the Nokia site as a &quot;customer with a Nokia product&quot; anyway, all they want is the serial number of the box. I'll try that. Thanks again

Ralf
 
Upvote 0 Downvote
FWIW, I don't trust log viewer. I barely trust fw log -ftn from the command line, but that's another issue :). The only time I confronted anything like this...and it included wrong or imaginary interface names... was when my excessive log grace period (in FW properties) was set too high and I was trying to log too many similar packets. Once I got the settings right for my network (I'm at 9 seconds at the moment), things settled down alot and became more accurate. But then I'm not running on a Nokia, so this input might not help much. Cheers.
 
Upvote 0 Downvote
Hi! Doesn't this value say that although similar packets are handled by the rulebase, only the first of these packets should be logged within the &quot;grace period&quot;? If I decrease this value I will get MORE log entries per similar packets or am I to tired already today to understand it correctly? ;-)
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Sameer258
  • Locked
  • Question
Need Help to Find ip and mac address with email who one open my email
Replies
0
Views
146
Sameer258
Sameer258
Sparrow4
  • Locked
  • Question
Configure Avaya IPO R11 / VM Pro + Office365 or Exchange for voicemail to email
Replies
2
Views
146
Johnkite
Johnkite
DROFNUD
  • Locked
  • Helpful tip
Smartcenter Dashboard - Searching for &quot;Any&quot; keyword
Replies
0
Views
34
DROFNUD
DROFNUD
intel233
  • Locked
  • Question
Cisco ASA - VPN Question
Replies
6
Views
150
intel233
intel233
Tommy_T
  • Locked
  • Question
Sonic wall - Have an issue remotely connectioning VNC and SMB (and AFP) to one of the 2 ISP circuits
Replies
1
Views
121
nnaarrnn
nnaarrnn

Part and Inventory Search

Sponsor

Back
Top