J_Saun
Nickel

Notification when firewall stops logging to management station (R65+)


We have a mix of R65 and R77 firewalls that are supposed to log to the management station. We continuously have issues where the firewall stops logging to the mgmt station (and starts logging to itself). Our only fix is to modify the fw object in dashboard, swap out the log server with a dummy, save/push, and then repeat these steps but putting the original log server (the mgmt station) back as the fw object's log server.

I haven't been able to find a permanent fix for this issue, so I am looking to get a notification when this happens via email or some other mechanism. Is this possible?

Thanks

0 Kudos
1 Solution

Accepted Solutions

Re: Notification when firewall stops logging to management station (R65+)


On your management server run cpstat -f log_server mg which will show all connected gateways, when the logging connections were first established and the receive rate.  Shouldn't be too hard to script something that runs this command every so often and alerts you if a gateway is not shown.

In regards to those older gateways no longer sending logs, the easiest way to rectify is killing the fwd daemon on the problematic gateway and letting it respawn.  Assuming there are not problems with the log reception mechanism on the SMS I've found this will fix most logging problems, especially on pre-R77 gateways.

"IPS Immersion Training" Self-paced Video Class
Now Available at http://www.maxpowerfirewalls.com
0 Kudos
4 Replies
Admin

Re: Notification when firewall stops logging to management station (R65+)

Have you engaged with the TAC on any of these issues? Of course R65 is End of Support so no fixes coming there, same with anything prior to R77.30…
0 Kudos

J_Saun
Nickel

Re: Notification when firewall stops logging to management station (R65+)


Thanks Timothy.

When I run that command I receive the following message:

Invalid flavour 'log_server' for product 'mg'. Use 'cpstat' without any arguments to see supported products and flavours.

0 Kudos

Re: Notification when firewall stops logging to management station (R65+)


Looks like that option to cpstat was added in R80+ and doesn't exist prior to that.

On older SMSs just do this:

netstat -an | grep ESTABLISHED | grep ":257"

0 Kudos
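
The periodic check suggested in the thread, written for a pre-R80 management server around the netstat command above. This is an added example, not code from any poster; the inventory file format ("name ip" per line) and the function names are assumptions, and it assumes each gateway reaches the management server from the IP listed for it (no NAT in between).

```shell
#!/bin/sh
# Added example, not from the thread. Reports gateways with no established
# log session to this management server (log transport on TCP 257, as in the
# netstat command above).

# connected_gateways: `netstat -an` output on stdin -> unique peer IPs of
# ESTABLISHED sessions whose LOCAL port is 257. Matching the local column
# only avoids counting sessions this host opened to someone else's port 257.
connected_gateways() {
    awk '$1 ~ /^tcp/ && $6 == "ESTABLISHED" && $4 ~ /:257$/ {
             peer = $5
             sub(/:[0-9]+$/, "", peer)   # drop the peer source port
             sub(/^::ffff:/, "", peer)   # normalise IPv4-mapped addresses
             print peer
         }' | sort -u
}

# missing_gateways LIST: netstat output on stdin; LIST is a hypothetical
# inventory file with one "name ip" pair per line ('#' starts a comment).
# Prints "name ip" for every listed gateway that has no session.
missing_gateways() {
    mg_connected=$(connected_gateways)
    while read -r mg_name mg_ip; do
        case "$mg_name" in ''|'#'*) continue ;; esac
        [ -n "$mg_ip" ] || continue
        printf '%s\n' "$mg_connected" | grep -qxF -- "$mg_ip" ||
            printf '%s %s\n' "$mg_name" "$mg_ip"
    done < "$1"
}

# check_logging LIST: live check for cron; returns 1 and prints the missing
# gateways so the caller can hand the text to its mailer or alerting hook.
check_logging() {
    cl_missing=$(netstat -an | missing_gateways "$1")
    [ -z "$cl_missing" ] && return 0
    printf 'No log connection from:\n%s\n' "$cl_missing"
    return 1
}
```

A gateway that has fallen back to local logging drops out of the ESTABLISHED list, so it shows up in the output of `check_logging` on the next run.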