LEA OPSEC

[Laurent Mercier]

Hi everybody,

I am trying to use the product loggrabber (hxxp://sourceforge.net/projects/fw1-loggrabber) to make a
real-time analysis of the logs of our firewall (Firewall-1 NG FP3).
Everything seems ok, but when we execute the command "fw logswitch", on the FW1 management server, loggrabber doesn't receive any more data from the management server.

If we kill Loggrabber et restart it, everything works well.

Have you ever meet this kind of trouble?

Thanks.

Laurent

[SamuelB]

Laurent,

Please keep in mind that I have not used loggrabber before. What version of loggrabber are you using? The latest version 1.11.1 mentions the following note:

*A bug in Checkpoints OPSEC SDK, which causes a segmentation fault of fw1-loggrabber when switching logfiles on the management station, made it necessary to relink the binaries. Additionally there are minor bugfixes in this release.

This seems to be the issue that you have described.

Thanks,
Samuel

[Laurent Mercier]

Thanks a lot Samuel,

Effectively,my version of loggrabber is: fw1-loggrabber-1.11.1. I have found
an hotfix (http://www.opsec.com/cp_products/90.htm), hotfix 4 - Linux, which may solve this problem. I am going to test it.

Thanks again.

Laurent

[Laurent Mercier]

Hi everybody,

On the site www.opsec.com, I have downloaded the files

- OpsecSdkNgFp3Hf4.linux22.tar.gz
- OpsecSdkNgFp3.linux22.tar.gz

in order to solve my problem (with Loggrabber)

But does anybody know how to install this hotfix. The installation discribed
in OPSEC_SDK_FP3_HF4_RN.pdf is not very clear.

Thanks

Laurent