The PhoneBoy Blog

Simplifying Telecom, Mobile Phones, Gadgets, and More!

FireWall-1 FAQ: fw logexport Takes A Long Time or Crashes

Please note: This content was from when I was operating my FireWall-1 FAQ site, which I stopped operating in August 2005. For some reason people still have links to this stuff on the Internet that people are still clicking on.

I am making this information available again AS IS. Given how old this information is, it is likely wildly inaccurate. I have no plans to update this information.

If you're still running versions of Check Point VPN-1/FireWall-1 where this information is still relevant to you, do yourself a favor and upgrade to a more recent release. If you happen to be running a current release and the information is useful, it's by happenstance :)

If fw logexport takes too long or dumps core, here are some options you can try that will help:

-n: Disables name resolution. This should speed the process up significantly. -r size: Sets the "Record Chunk Size" to size. I would start with 1024 and divide in half until it works. Note: if this number is too small, it can increase the amount of time logexport takes.

On a Unix box, another user mananged to fix this problem, by nohup'ing the process

# nohup fw logexport.....

On a Nokia IPSO running 3.6 FCS11 with NG FP2, exporting or even accessing a rotated log larger than 1gb seems to be a hit or miss proposition. A 1.1gb file seems to be readable by the log viewer and can be exported without problems, but a 1.5gb log is completely unreadable - the log viewer disconnects when you try to open the log, and log exports were core dumping at 34% during pass 1. Attempts at "fw repairlog " didn't make the log readable, even with the -u option. The nohup command also didn't work either.

Check Point's online documentation states that logs are automatically rotated at 2gb because they can't work with files larger than that - thereby implying there's a 2gb limit to log file size.

Nokia Tech Support, after hearing all that I'd tried to do to make the log readable, stated that this was a "known issue" with this version, and they recommend upgrading the firewall to NG FP3 HF2, then upgradinging IPSO to 3.7, then upgrading the firewall to NG AI/FP4.

C-List #Cybersecurity Celebrity, Podcaster, #noagenda Producer, Frequenter of shiny metal tubes, Expressor of personal opinions, and of course, a coffee achiever.