Wednesday, October 26, 2011
And of course it is good practice to enable debug logging when you are in trouble:
fwm load -d
Monday, October 24, 2011
fw log displays the content of log files. The full syntax of the fw log command is as follows:
fw log [-f [-t]] [-n] [-l] [-o] [-c action] [-h host] [-s starttime] [-e endtime] [-b starttime endtime] [-u unification_scheme_file] [-m unification_mode(initial|semi|raw)] [-a] [-k (alert_name|all)] [-g] [logfile]
The optional switches for fw log are as follows:
-f [-t] : After reaching the end of the currently displayed file, do not exit (the default behavior), but continue to monitor the log file indefinitely, and display it while it is being written. The -t parameter indicates that the display is to begin at the end of the file. The display will initially be empty, and only new records added later will be displayed. -t is used with the -f flag. These flags are relevant only for active files.
-n : Do not perform DNS resolution of the IP addresses in the log file (the default behavior). This option significantly speeds up processing.
-l : Display both the date and the time for each log record. (The default is to show the date only once above the relevant records, and then specify the time per log record.)
-o : Show detailed log chains (all log segments a log record consists of).
-c action : Display only events whose action is action, i.e., accept, drop, reject, authorize, deauthorize, encrypt, or decrypt. Control actions are always displayed.
-h host : Display only the log whose origin is the specified IP address or name.
-s starttime : Display only events that were logged after the specified time. (See format below.) starttime may be a date, a time, or both. If the date is omitted, today's date is assumed.
-e endtime : Display only events that were logged before the specified time. (See format below.) endtime may be a date, a time, or both.
-b starttime endtime : Display only events that were logged between the specified start and end times (format below), each of which may be a date, a time, or both. If the date is omitted, today's date is assumed. The start and end times are expected after the flag.
-u unification_scheme_file : Unification-scheme filename. (The unification scheme specifies the precise manner in which logs are processed, per selected unification mode.)
-m unification_mode : This flag specifies the unification mode:
  initial - the default mode, specifying complete unification of log records; i.e., output one unified record for each ID. When used together with -f, no updates, but only entries relating to the start of new connections, will be displayed. To display updates, use the
  semi - step-by-step unification; for each log record, output a record that unifies this record with all previously-encountered records with the same ID.
  raw - outputs all records, with no unification.
-a : Output account-log records only.
-k alert_name|all : Display only events that match a specific alert type. The default is all, for any alert type.
-g : Do not use a delimited style. The default is:
* : after field name
* ; after field value
logfile : Use logfile instead of the default log file. The default log file is
DATE & TIME FORMAT:
The full date-and-time format is:
MMM DD, YYYY HH:MM:SS (for example: May 26, 1999 14:20:00)
It is also possible to specify the date only, in the format MMM DD, YYYY, or the time only, in the format HH:MM:SS. When only the time is specified, the current date is assumed.
Examples:
fw log | more
fw log -c reject
fw log -s "May 26, 1999"
fw log -f -s 16:00:00
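The following is an added example, not part of the original post or Check Point's own tooling: it parses records written in the default delimited style described above (": " after the field name, ";" after the value) and applies -c, -h, -s and -e style filters using the documented date/time formats, including the rule that a time-only value assumes today's date. The sample log lines and the field names in them (date, time, action, orig, src, dst, service) are constructed for illustration and are assumptions, not captured gateway output.

```python
from datetime import date, datetime

# Constructed sample output in the default delimited style (": " after each
# field name, ";" after each value). The field names are assumed for
# illustration; real fw log output carries its own set of fields.
SAMPLE_LOG = """\
date: May 26, 1999; time: 14:20:00; action: accept; orig: 10.0.0.1; src: 10.1.1.5; dst: 10.2.2.9; service: http;
date: May 26, 1999; time: 15:05:12; action: drop; orig: 10.0.0.1; src: 172.16.3.3; dst: 10.2.2.9; service: telnet;
date: May 26, 1999; time: 16:30:00; action: reject; orig: 10.0.0.2; src: 192.168.1.7; dst: 10.2.2.9; service: smtp;
date: May 27, 1999; time: 09:00:00; action: accept; orig: 10.0.0.2; src: 10.1.1.5; dst: 10.2.2.9; service: https;
"""


def parse_record(line):
    """Split one 'name: value; name: value;' record into a dict."""
    record = {}
    for chunk in line.split(";"):
        chunk = chunk.strip()
        if not chunk:
            continue
        # Partition on the first ':' only, so 'time: 14:20:00' keeps its colons.
        name, _, value = chunk.partition(":")
        record[name.strip()] = value.strip()
    return record


def parse_log(text):
    """Parse every non-empty line of delimited fw log output."""
    return [parse_record(line) for line in text.splitlines() if line.strip()]


def parse_when(spec, today=None):
    """Parse the formats fw log accepts for -s/-e/-b:
    'MMM DD, YYYY HH:MM:SS', 'MMM DD, YYYY' (midnight is assumed here) or
    'HH:MM:SS' (today's date is assumed, as the fw log documentation says).
    `today` may be passed as an 'MMM DD, YYYY' string for reproducible runs."""
    for fmt in ("%b %d, %Y %H:%M:%S", "%b %d, %Y"):
        try:
            return datetime.strptime(spec, fmt)
        except ValueError:
            pass
    base = parse_when(today).date() if today else date.today()
    return datetime.combine(base, datetime.strptime(spec, "%H:%M:%S").time())


def filter_log(records, action=None, host=None, start=None, end=None, today=None):
    """Apply -c (action), -h (origin host), -s (start, inclusive) and
    -e (end, exclusive) style filters to parsed records."""
    start_at = parse_when(start, today) if start else None
    end_at = parse_when(end, today) if end else None
    kept = []
    for rec in records:
        stamp = parse_when(f"{rec['date']} {rec['time']}")
        if action and rec.get("action") != action:
            continue
        if host and rec.get("orig") != host:
            continue
        if start_at and stamp < start_at:
            continue
        if end_at and stamp >= end_at:
            continue
        kept.append(rec)
    return kept


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    # Equivalent of: fw log -c reject
    for rec in filter_log(recs, action="reject"):
        print(rec["time"], rec["src"], "->", rec["dst"], rec["service"])
    # Equivalent of: fw log -s 16:00:00 (time only, so the date is assumed)
    for rec in filter_log(recs, start="16:00:00", today="May 26, 1999"):
        print(rec["date"], rec["time"], rec["action"])
```

The filters treat the start time as inclusive and the end time as exclusive, and a date-only bound as midnight of that day; the page does not say how fw log itself resolves those boundaries, so check against real output before relying on them.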
Friday, October 14, 2011
Debugging CPD :
CPD is high in the hierarchical chain and helps to execute many services, such as Secure
Internal Communication (SIC), licensing and status reporting.
For CPD debug, execute:
cpd_admin debug on TDERROR_ALL_ALL=5
The debug file is located under $CPDIR/log/cpd.elg
To stop the CPD debug, execute: % cpd_admin debug off TDERROR_ALL_ALL=1
Debugging FWM :
The FWM process is responsible for the execution of the database activities of the
SmartCenter server. It is, therefore, responsible for Policy installation, Management High
Availability (HA) synchronization, saving the Policy, Database Read/Write actions, Log
For FWM debug, execute:
fw debug fwm on TDERROR_ALL_ALL=5
fw debug fwm on OPSEC_DEBUG_LEVEL=9
The debug file is located under $FWDIR/log/fwm.elg
To stop the FWM debug, execute:
fw debug fwm off TDERROR_ALL_ALL=1
fw debug fwm off OPSEC_DEBUG_LEVEL=1
Debugging FWD :
The FWD process is responsible for logging. It is executed in relation to logging, Security
Servers and communication with OPSEC applications.
For FWD debug, execute: fw debug fwd on TDERROR_ALL_ALL=5
The debug file is located under $FWDIR/log/fwd.elg
To stop the FWD debug, execute: % fw debug fwd off TDERROR_ALL_ALL=1
TIP : echo $TDERROR_ALL_ALL will tell you the current debug level
Monday, October 3, 2011
In Voyager, under the Monitor option, select CPU and Memory Utilization. This shows the Total Real Memory, Active Real Memory and the Free Memory available on the appliance.
For console access, use clish to display the Real Memory Used. This value is displayed as a percentage:
clish:1> show useful-stats
Active Routes 4
Packets Forwarded 0
VRRP Masters 0
Real Memory Used 22%
Disk Capacity 11%
Note: The real physical memory output gathered from Voyager is taken from the kernel directly.