FireWall-1 FAQ: Can't Rotate Logs
Please note: This content was from when I was operating my FireWall-1 FAQ site, which I stopped operating in August 2005. For some reason people still have links to this stuff on the Internet that people are still clicking on.
I am making this information available again AS IS. Given how old this information is, it is likely wildly inaccurate. I have no plans to update this information.
If you're still running versions of Check Point VPN-1/FireWall-1 where this information is still relevant to you, do yourself a favor and upgrade to a more recent release. If you happen to be running a current release and the information is useful, it's by happenstance :)
Q:
Ever since I installed patch 3064 on FireWall-1 3.0b, it appears that I can not properly rotate my log files with ‘fw logswitch.’ Any workarounds to this problem?
A:
Jerald Josephs gets credited for the new-and-improved way of working around this on Unix or NT
- fw logswitch
- fw kill fwd
- Remove $FWDIR/log/fw.logtrack
- fwd
On Windows NT, you need to make sure your FireWall-1 Service is Running as Administrator. See ‘fw logswitch’ Does Not Work on NT
Note: Your security policy will remain in effect, even during the brief time that fwd is down except on NT where an fwstop and fwstart is required.
Jeremy Pilkey reports that it is only necessary to remove the fw.logtrack file (e.g. a restart of FireWall-1 isn’t needed). I would only use this method if you are not using any OPSEC-compliant logging tools as the fw.logtrack file is used by those programs.