fw logexport Takes a long time or Crashes

[BarryStiefel]

fw logexport Takes a long time or Crashes



If fw logexport takes too long or dumps core, here are some options you can try that will help:

-n: Disables name resolution. This should speed the process up significantly. -r size: Sets the "Record Chunk Size" to size. I would start with 1024 and divide in half until it works. Note: if this number is too small, it can increase the amount of time logexport takes.

In one case, I saw a logexport problem for a customer that was running a pre-build 3045 version of 3.0b. It wasn't the base 3.0b installation, but it wasn't 3045. A good piece of general advice is to make sure you are on a "released" build of FireWall-1 if you can help it.

On a Unix box, another user mananged to fix this problem, by nohup'ing the process



#nohup fw logexport.....

-- GuyR - 06 Jan 2004

On a Nokia IPSO running 3.6 FCS11 with NG FP2, exporting or even accessing a rotated log larger than 1gb seems to be a hit or miss proposition. A 1.1gb file seems to be readable by the log viewer and can be exported without problems, but a 1.5gb log is completely unreadable - the log viewer disconnects when you try to open the log, and log exports were core dumping at 34% during pass 1. Attempts at "fw repairlog " didn't make the log readable, even with the -u option. The nohup command also didn't work either.

Check Point's online documentation states that logs are automatically rotated at 2gb because they can't work with files larger than that - thereby implying there's a 2gb limit to log file size.

Nokia Tech Support, after hearing all that I'd tried to do to make the log readable, stated that this was a "known issue" with this version, and they recommend upgrading the firewall to NG FP3 HF2, then upgradinging IPSO to 3.7, then upgrading the firewall to NG AI/FP4.

-- John Silvia - 27 Apr 2004

FAQForm FAQs.Class: LoggingAndAlertingFAQs FAQs.OS: FAQs.Version: