Solved

Checkpoint - html rule export & log viewer slow down

Posted on 2002-07-03
12
1,229 Views
Last Modified: 2007-12-19
Can anyone tell me how you can export the rule base to an html page?

Also, why if the system is 99% idle, nothing funny going on, would the log  viewer slow down so much that you can't export the log/view it "slow response from server" being the message?
0
Comment
Question by:mattsanford
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
12 Comments
 
LVL 14

Accepted Solution

by:
chris_calabrese earned 60 total points
ID: 7127089
For the first question on dumping the rules base, see http://www.phoneboy.com/faq/0118.html

For the bit on the speed of the log viewer, this is because the logs are probably very very large.  So, even if the system  is 99% idle CPU wise, the disk may be furiously churning away to read the logs (and the subsystem that does this is not terribly efficient). The solution is to flip the logs so each log file is relatively small.
0
 
LVL 23

Assisted Solution

by:Tim Holman
Tim Holman earned 60 total points
ID: 7127149
fwrules, plus perl binaries will do this for you.  fwrulesarchive.zip is on Chris's link above.
In the second instance, log viewer with 4.1 is traditionally slow.  It's one big flat text file, and is slow and cumbersome by nature.
Try logswitching every day, cutting down what actually is allowed to log, and defragging your hard disk.  The file is probably spread all over the place.
You do not get this behaviour with NG - it's a proper database format and whizzes by.
0
 

Author Comment

by:mattsanford
ID: 7127298
Thanks both - the link looks interesting.
Yeah I know the log is cumbersome (to say the least!) but I do logswitch every day (and even wrote a tool to analyse the fipping things) and normally it's ok - export it first then switch it but for some reason it's been dog slow two days running at a time few people are using it...
0
When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

 

Expert Comment

by:jbmarzio
ID: 7164641
Have check name resolution, i.e. are you displaying / exporting logs with IP address or names (dns/hosts) ?
0
 

Author Comment

by:mattsanford
ID: 7164691
I'm not 100% sure I follow you - as far as I am aware DNS doesn't come into it? Just IP addresses at least - you create objects in FW1 which get mapped to IP addresses as they pass throught the FW. Other than that it's just IPs that show up if there's no object created for that IP.
0
 

Expert Comment

by:jbmarzio
ID: 7164730
About the log diplay, have you unselected the option of name resolution ? (DNS / Hosts resolution occurs for each line of log else, and incorrect DNS access just produces long time out...)
0
 

Expert Comment

by:jbmarzio
ID: 7164759
excuse me for posting twice.
No, You use Name to IP mapping in your policy, but unknown IP may been resolved (from the management) by DNS resolution. With a NG version, try in the menu Tools entry "Resolve Addresses". On 4.1 version, look in selection / Options, box Name Resolution....
Hope this helps...
0
 

Author Comment

by:mattsanford
ID: 7164764
I didn't know that! Thank you. I have taken it off and I will see what happens.... it sounds like that's it though.
0
 

Expert Comment

by:jbmarzio
ID: 7164767
excuse me for posting twice.
No, You use Name to IP mapping in your policy, but unknown IP may been resolved (from the management) by DNS resolution. With a NG version, try in the menu Tools entry "Resolve Addresses". On 4.1 version, look in selection / Options, box Name Resolution....
Hope this helps...
0
 

Author Comment

by:mattsanford
ID: 7164989
It looks like it's still freezing. I will reload it soon and try again. I will post the results tomorrow. Thanks again for your help.
0
 
LVL 5

Expert Comment

by:zenlion420
ID: 9711624
Hey people,

No comment has been added in roughly 1 year, so it's time to clean up this TA.
I will leave a recommendation in the Cleanup topic area that this question
be PAQ'd and pts be split between chris_calabrese and tim_holman.
Please leave any comments here within the next seven days.

PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!

Zenlion420
EE Page Editor
0

Featured Post

Turn Insights into Action

Communication across every corner of your business is essential to increase the velocity of your application delivery and support pipeline. Automate, standardize, and contextualize your communication processes with xMatters.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Ready for our next Course of the Month? Here's what's on tap for June.
Here's a look at newsworthy articles and community happenings during the last month.
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

690 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question