Solved

Checking point 4.1 log files

Posted on 2001-08-23
9
215 Views
Last Modified: 2013-11-16
I use Checkpoint 4.1 in WinNT
I found that the fw log grow very fast.
it make the log view slow...
Can i create new log file for every day.?


0
Comment
Question by:nba
9 Comments
 
LVL 3

Accepted Solution

by:
Bruce_R earned 200 total points
Comment Utility
there's a command called "fw logswitch" it creates new log files and saves the old one with a date stamp.

All you need to do is set this up as a scheduled task. On NT this would be done with the AT command. On Unix you couls set it up as a cron job.
0
 
LVL 51

Expert Comment

by:ahoffmann
Comment Utility
there was a little script in the SysAdnmin magazine, june 2001 http://www.sysadminmag.com/articles/2001/0108/
Not shure if this is what you need.
0
 
LVL 3

Expert Comment

by:foad
Comment Utility
here is a script you can use, just use notepad, and save as a .bat

e:
cd\fw1\bin
fw logswitch

e: being whatever drive you have fw1 on.. then like i said just save as a .bat.. double click it and it will run for you switching the log...

also if you know how to use at commands you can run this automatically

Al
0
 
LVL 23

Expert Comment

by:Tim Holman
Comment Utility
In the rulebase, put in anti-logging rules for broadcast traffic - that is, an additional rule for broadcast services with the logging section kept empty.
You may also want to stop logging internal NetBIOS traffic that hits your firewall, plus routing protocols.
That way, at least your logs are full of relevant stuff !!
0
Get up to 2TB FREE CLOUD per backup license!

An exclusive Black Friday offer just for Expert Exchange audience! Buy any of our top-rated backup solutions & get up to 2TB free cloud per system! Perform local & cloud backup in the same step, and restore instantly—anytime, anywhere. Grab this deal now before it disappears!

 

Expert Comment

by:paulof
Comment Utility
hi,

- use the "fw logswitch" command and schedule it
- also opent he log viewer -> select options -> and uncheck resolve addresses.

This will turn off the dns on each rule

Cheers
0
 
LVL 1

Expert Comment

by:Computer101
Comment Utility
Hello all,
I am Computer101, a moderator from Experts-Exchange and also an expert within this topic area. This question has been open a long time.  What I am going to do is allow feedback from the questioner and experts.  If it is not resolved, I will delete or accept an answer based on the info I have been given, Experts, feel free to offer input.  I will monitor these questions for a period of 5-7 days and come back and evaluate.  I will have another moderator (who is also an expert in this topic area) look at the question also to ensure we do the right thing for this question.

Thank you
Computer101
Community Support Moderator
0
 
LVL 1

Expert Comment

by:Moondancer
Comment Utility
Have you been helped here so you can accept to grade and close, or is more needed?

For special handling help, please post zero point question with question link (URL) here:
http://www.experts-exchange.com/jsp/qList.jsp?ta=commspt

Expert recommendations always welcome, if no response from Asker.

Moondancer
EE Moderator
0
 
LVL 1

Expert Comment

by:Moondancer
Comment Utility
Question(s) below appears to have been abandoned. Your options are:
 
1. Accept a Comment As Answer (use the button next to the Expert's name).
2. Close the question if the information was not useful to you. You must tell the participants why you wish to do this, and allow for Expert response.
3. Ask Community Support to help split points between participating experts, or just comment here with details and we'll respond with the process.
4. Delete the question. Again, please comment to advise the other participants why you wish to do this.

For special handling needs, please post a zero point question in the link below and include the question QID/link(s) that it regards.
http://www.experts-exchange.com/jsp/qList.jsp?ta=commspt
 
Please click the Help Desk link on the left for Member Guidelines, Member Agreement and the Question/Answer process.  Click you Member Profile to view your question history and keep them all current with updates as the collaboration effort continues, in the event new items have been created since this listing was pulled.

http://www.experts-exchange.com/jsp/cmtyHelpDesk.jsp

To view your open questions, please click the following link(s) and keep them all current with updates.
http://www.experts-exchange.com/questions/Q.20150971.html
http://www.experts-exchange.com/questions/Q.20146220.html
http://www.experts-exchange.com/questions/Q.20151989.html
http://www.experts-exchange.com/questions/Q.20160043.html
http://www.experts-exchange.com/questions/Q.20183375.html
http://www.experts-exchange.com/questions/Q.20187562.html
http://www.experts-exchange.com/questions/Q.20161342.html
http://www.experts-exchange.com/questions/Q.20194993.html


To view your locked questions, please click the following link(s) and evaluate the proposed answer.
http://www.experts-exchange.com/questions/Q.11348677.html
http://www.experts-exchange.com/questions/Q.11427858.html
http://www.experts-exchange.com/questions/Q.20172707.html
http://www.experts-exchange.com/questions/Q.11494399.html
http://www.experts-exchange.com/questions/Q.11487458.html

PLEASE DO NOT AWARD THE POINTS TO ME.  
 
------------>  EXPERTS:  Please leave any comments regarding this question here on closing recommendations if this item remains inactive another three days.
 
Thank you everyone.
 
Moondancer
Moderator @ Experts Exchange


P.S.  For any year 2000 questions, special attention is needed to ensure the first correct response is awarded, since they are not in the comment date order, but rather in Member ID order.
0
 
LVL 5

Expert Comment

by:Netminder
Comment Utility
Force-accepted by
Netminder
CS Moderator
0

Featured Post

Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

Join & Write a Comment

Nothing in an HTTP request can be trusted, including HTTP headers and form data.  A form token is a tool that can be used to guard against request forgeries (CSRF).  This article shows an improved approach to form tokens, making it more difficult to…
It’s a strangely common occurrence that when you send someone their login details for a system, they can’t get in. This article will help you understand why it happens, and what you can do about it.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now