CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.

First, I hope you're all well and staying safe.
Second, I want to give a "heads up" that you should see more activity here shortly, and maybe a few cosmetic changes.
I'll post more details to the "Announcements" forum soon, so be on the lookout. -E


Results 1 to 4 of 4

Thread: fw monitor script issues

  1. #1
    Join Date
    Rep Power

    Default fw monitor script issues

    Hello all,

    I'm having some trouble with an fw monitor script. In a nutshell, the script runs find when called by root using the bash shell. When I schedule it in the root crontab however, I get ": No such file or directory" at the end of the /var/log/messages file.

    Crontab is running the script at the specified times and the .cap output files are being created. The files are of zero lenght and the "No such file or directory" entry in messages isn't giving me enough to find out why the output

    I'll lay out the environment below.

    script name = /var/tmp/ips_fw_monitor.sh
    capture files = /var/tmp/cap/ips-"$fdate.cap" (These are being created)
    capture file permissions = -rw-rw---- 1 root root
    crontab = running as root
    script permissions = -rwxrwx--- 1 root root
    root shell = /bin/bash
    cron shell = /bin/sh

    =========begin script============


    # check and kill other fw monitor processes
    if [ -f $pidfile ]
    ps -ax | grep ^`cat $pidfile`
    if [ $? -eq 0 ]
    kill -HUP `cat $pidfile`
    rm $pidfile

    # Leave our current pid in a file in case we need to get bumped.
    touch $pidfile
    echo $$ >> $pidfile

    fdate=`/bin/date +%F-%k%M | sed -e 's/ //g'`
    #ftime=`w | head -1 | awk '{ print $1 } | sed -e 's/://g'`
    echo $fdate
    echo $ftime
    echo $ffile
    touch $ffile

    "fw monitor -ci 250 -e 'accept src=<src ip address> or dst=<dst ip address>;' -o $ffile"

    echo "EXITING `/bin/date`"
    =========end script=============

    =========crontab entry==========
    0 3 * * * /var/tmp/ips_fw_monitor.sh >> /var/tmp/ips_fw_monitor.out

    =====/var/log/messages entry======

    Jul 24 03:00:01 fw-hostname CronDaemon: Cron <root@fw-hostname> /var/tmp/ips_fw_monitor.sh >> /var/tmp/ips_fw_monitor.out (Environment: <SHELL=/bin/sh>, <HOME=/root>, <PATH=/usr/bin:/bin>, <LOGNAME=root>) : /var/tmp/ips_fw_monitor.sh: fw monitor -ci 250 -o /var/tmp/cap/ips-2006-07-24-300.cap -e 'accept src= or dst=;': No such file or directory

    I'm sure it is a fairly quick fix, but I can't seem to see it for some reason. Any help would be greatly appreciated.


  2. #2
    Join Date
    Rep Power

    Default Re: fw monitor script issues

    Well, after trying many different ways to run that script with cron and consulting with my teammates, I found that adding the following as line number two of my script got things working correctly.

    . /opt/CPshared/5.0/tmp/.CPprofile.sh

    If anyone has any ideas why that works properly I'd like to hear them.


  3. #3
    Join Date
    Rep Power

    Default Re: fw monitor script issues

    Because cron is not having the same settings as you as a user have.

    This is changed by line you entered.

  4. #4
    Join Date
    Rep Power

    Default Re: fw monitor script issues

    After speaking to our CheckPoint rep yesterday, I found that ALL "fw" commands need to be run using the CP context.

    Hopefully someone else will now have a quicker time of this sort of situation.


Similar Threads

  1. script to monitor fw vrrp
    By sonayny in forum Scripts and Tools
    Replies: 1
    Last Post: 2010-06-11, 09:51
  2. Script to Monitor Cluster Over time
    By jamesfraze in forum Scripts and Tools
    Replies: 0
    Last Post: 2010-04-05, 10:56
  3. FTP backup script
    By IndyBoiler in forum Check Point Backup Procedures
    Replies: 8
    Last Post: 2008-01-24, 11:05
  4. Use "fw monitor" to monitor traffic from 1 host.
    By Wutkung in forum Miscellaneous
    Replies: 2
    Last Post: 2007-01-17, 06:31
  5. Desktop Security/Policy Server logon failure issues issues
    By Clon32 in forum SecureClient/SecuRemote
    Replies: 3
    Last Post: 2006-10-25, 06:32


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts