Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
J_Saun
Contributor
Jump to solution

Notification when firewall stops logging to management station (R65+)

We have a mix of R65 and R77 firewalls that are supposed to log to the management station. We continuously have issues where the firewall stops logging to the mgmt station (and starts logging to itself). Our only fix is to modify the fw object in dashboard, swap out the log server with a dummy, save/push, and the repeat these steps but putting the original log server (the mgmt station) back as the fw objects log server.

 

I haven't been able to find a permanent fix for this issue so I am looking to get a notification when this happens via email or some other mechanism. Is this possible?

 

Thanks

0 Kudos
1 Solution

Accepted Solutions
Timothy_Hall
Champion
Champion

On your management server run cpstat -f log_server mg which will show all connected gateways, when the logging connections were first established and the receive rate.  Shouldn't be too hard to script something that runs this command every so often and alerts you if a gateway is not shown.

In regards to those older gateways no longer sending logs, the easiest way to rectify is killing the fwd daemon on the problematic gateway and letting it respawn.  Assuming there are not problems with the log reception mechanism on the SMS I've found this will fix most logging problems, especially on pre-R77 gateways.

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com

View solution in original post

0 Kudos
4 Replies
PhoneBoy
Admin
Admin
Have you engaged with the TAC on any of these issues? Of course R65 is End of Support so no fixes coming there, same with anything prior to R77.30…
0 Kudos
Timothy_Hall
Champion
Champion

On your management server run cpstat -f log_server mg which will show all connected gateways, when the logging connections were first established and the receive rate.  Shouldn't be too hard to script something that runs this command every so often and alerts you if a gateway is not shown.

In regards to those older gateways no longer sending logs, the easiest way to rectify is killing the fwd daemon on the problematic gateway and letting it respawn.  Assuming there are not problems with the log reception mechanism on the SMS I've found this will fix most logging problems, especially on pre-R77 gateways.

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
0 Kudos
J_Saun
Contributor

Thanks Timothy.

When I run that command I receive the following message:

Invalid flavour 'log_server' for product 'mg'. Use 'cpstat' without any arguments to see supported products and flavours.

0 Kudos
Timothy_Hall
Champion
Champion

Looks like that option to cpstat was added in R80+ and doesn't exist prior to that.

 

On older SMS's just do this:

 

netstat -an | grep ESTABLISHED | grep ":257"

 

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events