Aug 9 08:00:10 firewall kernel: FW-1: Log buffer is full

[usman_a]

Can someone advice me on how i can fix teh following error?

Aug 9 08:00:10 firewall kernel: FW-1: lost 592 log/trap messages
Aug 9 08:00:10 firewall kernel: FW-1: Log buffer is full
Aug 9 08:00:10 firewall kernel: FW-1: lost 2011 log/trap messages
Aug 9 08:00:10 firewall kernel: FW-1: Log buffer is full
Aug 9 08:00:10 firewall kernel: FW-1: lost 1324 log/trap messages


i have two crossbeam firewalls with a Sun Sloairs management server.

any advice would be helpful

[mikem]

Basic checks is to ensure there are no network connectivity issues from the enforcement points to the MS

One solution is to of course reduce how much you log. For example do you log the drop rule?

Another solution is to allocate additional memory on the enforcement points so they buffer additional logs. You would change the log buffer queue size (if you have the memory available)

Below is how I configured mine. (linux OS) I think I doubled or tripled default.

A workaround is to decrease logging.

Then, as a permanent fix, edit the /etc/system file on enforcement module and add the "set" command as follows:

set fw:fw_log_bufsize=xxxxx

Where xxxx is the desired size in bytes (default = 81920)

Reboot the VPN-1/FireWall-1 Enforcement Point module for the change to take effect.

It is possible to set this value on the fly by running 'fw ctl set int fw_log_bufsize xxxxx' but it won't be persistent across reboots.



For Linux platform, please refer to solution



----------

How to increase the log buffer size on Linux platforms?



Solution

--------

Add the following line in the $FWDIR/boot/modules/fwkern.conf file

(note that the file may not exist by default):



fw_log_bufsize=xxxxx



Where xxxx is the desired size in bytes (default = 81920).

After changing this you have to reboot the module.

mike