Support Center > Search Results > SecureKnowledge Details
Log server stops receiving logs from the connected Security Gateways
Symptoms
  • When the Security Gateway stops logging to the Security Management, the fwd.elg file from the gateway shows:
    logbuf_write: writes logs to local disk because overflow
    [FWD PID]@Host[DATE TIME] ...--> changeWritingLogStatusToLocal
    [FWD PID]@Host[DATE TIME] ...<-- changeWritingLogStatusToLocal
    [FWD PID]@Host[DATE TIME] ...--> create_default_log
    [FWD PID]@Host[DATE TIME] ....--> connect_to_server
    [FWD PID]@Host[DATE TIME] connect_to_server: server default 
    [FWD PID]@Host[DATE TIME] .....--> connect_to_local_server
    [FWD PID]@Host[DATE TIME] connect_to_local_server: connected to local server successfuly
    [FWD PID]@Host[DATE TIME] .....<-- connect_to_local_server
    [FWD PID]@Host[DATE TIME] ....<-- connect_to_server
    [FWD PID]@Host[DATE TIME] create_default_log: connected to default log server
    [FWD PID]@Host[DATE TIME] create_default_log: Buffer Overflow ! Save the cyclic buffer content locally. 
                              Start at -736046511363719168, end at 177840790
    [FWD PID]@Host[DATE TIME] SetThatAllLogSent: m_nLastSent = 177840791, m_oaLogRecs.size=64000
    [FWD PID]@Host[DATE TIME] ....--> disconnect_from_server
    [FWD PID]@Host[DATE TIME] disconnect_from_server: default still backups other servers, don't disconnect
    [FWD PID]@Host[DATE TIME] ....<-- disconnect_from_server
    [FWD PID]@Host[DATE TIME] create_default_log: disconnected from default log server
    
  • Logging process debug shows:
     fwd.elg (Log server side) - ImportFromBuffer_5_X: log write fail for module [IP address]
    
    initSyslogServers: failed to read log servers configuration from gateway's settings
     CBinaryLogFile::WriteLog error: fail to GetFileStringId for alert
     CLogFile::WriteLog: error: status false after write log
     log_local_write: fail on WriteLog 2
     ImportFromBuffer_5_X: log write fail for module 10.x.x.x
     ImportFromBuffer_5_X: no diskspace left, stopped logging.
     stop_logging: stopping logging
     stop_listen_for_log_clients: stop listening on log socket.
     End connection with CN=fw...,O=[name]
     End connection with CN=fw...,O=[name]
     start_logging: starting logging
     Remote FireWall CN=fw...,O=[name] is connected
     Remote FireWall CN=fw...,O=[name] is connected
     Unable to open '/dev/fw0': No such file or directory
     Unable to open '/dev/fw0': No such file or directory
     Signal 15 received: Number: 15; errno: 0; Code 0; Sending PID: 94086; Real sending UID: uid 0; Status: 0; Band: 94086; fd: 0;
     FireWall-1 daemon going to die on sig  15
     clean up operations..
    
Cause

The log server miscalculated the available disk space.


Solution
Note: To view this solution you need to Sign In .