TOM_MORAN
Contributor

Retrieve logs from a firewall after Management station has been disconnected

Hi I have a log question.

 

If the Management Station is disconnected from the firewall due to ISP outages, the firewall logs locally.

When the Management station reconnects does it:

1) download the local logs of the firewall automatically (I do not believe it does)

2) do we have to download the logs manually?

    a) is there a procedure for this, nothing obvious

 

Any help is appreciated

 

 

 

 

0 Kudos
1 Solution

Accepted Solutions
Maarten_Sjouw
Champion
While a gateway is disconnected from the SMS it will store those files locally. To collect those files on the SMS, you SSH to the SMS and go into expert mode.
Type: fw fetchlogs <IP of GW>
Regards, Maarten


0 Kudos
4 Replies
G_W_Albrecht
Legend

I would assume that you use R80.30 here. The firewall logs locally and will reconnect to SMS/Log server if it becomes available. All logs from the meantime will have to be transferred to the log server manually - this is covered in Importing Offline Log Files in R80.30 Logging and Monitoring Administration Guide.

The procedure starts by copying /opt/CPsuite-R80.30/fw1/log/ files. On SMS/Log server, copy to the same directory. If SmartLog cannot read it, manually use fw repairlog /opt/CPsuite-R80.20/fw1/log/xxx.log to rebuild the pointer files.

For connectivity issues see sk98317: Connectivity problems between the Security Gateway and the Log Server, for configuration see sk98126: Best Practices - Configuration of logging from Security Gateway to Security Management Serv...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
TOM_MORAN
Contributor

Many thanks! Very appreciated.

 

0 Kudos
BikeMan
Contributor

Hi,

Maybe I misunderstood the topic, but I do not use ssh and fw log to get the firewall logs after a disconnected state. In the cluster object definition in SMS, I schedule the log forward (that means I have all logs when connected, and only local logs are forwarded). For sure I have to wait before having the logs, but in case of emergency I can use a manual fetch.

Rgds,

 

0 Kudos
