Hi all,

GW: R81.20

SMS: R81.20, will be upgraded to R82

I have been testing local logging feature, but fw.log will not grow in its size while cpstat fw -f log_connection says the cluster members are saving logs locally due to connectivity problem as follows:

# watch -d -n 10 "cpstat fw -f log_connection"

Every 10.0s: cpstat fw -f log_connection Mon Mar 16 21:21:16 2026

Overall Status: 2
Overall Status Description: Security Gateway is unable to report logs to any
log server
Local Logging Mode Description: Writing logs locally due to connectivity problem
s
Local Logging Mode Status: 2
Local Logging Sending Rate: 0
Log Handling Rate: 0

Log Servers Connections
----------------------------------------------------------
|IP |Status|Status Description |Sending Rate|
----------------------------------------------------------
|10.xxx.x.xxx| 1|Log-Server Disconnected| 0|
----------------------------------------------------------

The target management server has been cpstopped so log server disconnected is an expected output.

I confirmed the value of Local Logging Sending Rate etc. gets updated according to the connection as expected.

However, access control/audit log files in the directory $FWDIR/log/, including rotated logs, seemingly get no updates:

-rw-rw---- 1 admin root 8384 Mar 17 00:00 fw.log
-rw-rw---- 1 admin root 80 Mar 17 00:00 fw.logaccount_ptr
-rw-rw---- 1 admin root 80 Mar 17 00:00 fw.loginitial_ptr
-rw-rw---- 1 admin root 80 Mar 17 00:00 fw.logptr
-rw-rw---- 1 admin root 1526 Mar 17 00:00 fw.logtrack

Some sks tells me that a gateway tries to write logs for every 5 -10 seconds, so I did not expect the modification time of log file to be 00:00.

Is this normal behaviour?