Retrieve logs from a firewall after Management station has been disconnected


Hi, I have a log question.

If the Management Station is disconnected from the firewall due to ISP outages, the firewall logs locally.

When the Management station reconnects does it:

1) download the local logs of the firewall automatically (I do not believe it does)

2) do we have to download the logs manually?

    a) is there a procedure for this, nothing obvious

Any help is appreciated

Accepted Solutions

Re: Retrieve logs from a firewall after Management station has been disconnected

While a gateway is disconnected from the SMS it will store those files locally. To collect those files on the SMS, you SSH to the SMS and go into expert mode.
Type: fw fetchlogs <IP of GW>
Regards, Maarten


Re: Retrieve logs from a firewall after Management station has been disconnected

I would assume that you use R80.30 here. The firewall logs locally and will reconnect to SMS/Log server if it becomes available. All logs from the meantime will have to be transferred to the log server manually - this is covered in Importing Offline Log Files in R80.30 Logging and Monitoring Administration Guide.

The procedure starts by copying /opt/CPsuite-R80.30/fw1/log/ files. On SMS/Log server, copy to the same directory. If SmartLog cannot read it, manually use fw repairlog /opt/CPsuite-R80.20/fw1/log/xxx.log to rebuild the pointer files.

For connectivity issues see sk98317: Connectivity problems between the Security Gateway and the Log Server, for configuration see sk98126: Best Practices - Configuration of logging from Security Gateway to Security Management Serv...


Re: Retrieve logs from a firewall after Management station has been disconnected

Many thanks! Very appreciated.