Support Center > Search Results > SecureKnowledge Details
Security Gateway continues to log locally and does not attempt to reconnect to Security Management Server / Log Server
Symptoms
  • After restarting Security Management Server / Domain Management Server / Log Server, logs from Security Gateways are not received - Security Gateways continue to log locally.

  • Output of 'netstat -anp' command on both sides does not show an established connection on TCP port 257 (on which firewall logs are transferred).

  • Restarting FWD daemon on Security Gateways, or Installing Policy / Installing Database in SmartDashboard resolves the issue.

  • Debug of FWD daemon (per sk86321) on Security Gateways during the issue repeatedly shows the following lines:

    log_add_e: waiting for connecting callback (log_connected) to be read
    log_add_e: Write locally ! log record number = XXX
    
                    
            
Cause

During high CPU load on Security Management Server / Log Server when logs are being sent to it, the Security Gateway's FWD daemon (which is responsible for log transfer), has a keep-alive mechanism for checking communication with its "Log Server". Once communication breaks and after a couple of keep-alive rotations, Security Gateway will start logging locally to the $FWDIR/log/fw.log file.

This behavior is by design (Note: the FireWall log file ($FWDIR/log/fw.log) can be fetched from the Security Gateway in the SmartView Tracker, once communication returns - either by the Log Forwarding option, or by Remote Files Management).

In addition, an issue was discovered with reconnecting mechanism on Security Gateway.


Solution
Note: To view this solution you need to Sign In .