Subscribe to the Blog

Get articles sent directly to your inbox.

Check Point Alert of the Week: Firewall log file increase rate critical – possible connectivity loss to log server

Posted by on August 15, 2014 in Alerts, Check Point

This is a real life sample alert from Indeni

Description:

Over the period of the last 300 seconds there has been an increase of 1 MB in the size of the log file ($FWDIR/log/fw.log). This is a fairly high number, indicating that it is possible that the firewall cannot reach its log servers or has a slow connection to them.

indeni will re-check this alert every 1 minute. If indeni determines the issue has been resolved, it will automatically be flagged as such.

Manual Remediation Steps:

Check all hardware connections as well as any equipment (such as switches and hubs). If the log traffic is sent over VPN, check the VPN tunnels as well. SK40090 may provide further guidance on this.

How does this alert work?

indeni monitors the size of the fw.log file and alerts if it’s rate of growth is more than 1MB per 5 minutes (these thresholds can be changed).

Additional Resources
Check Point appliances refresh: how do you compare?

Check Point Firewalls Alert of the Week

BlueCat acquires Indeni to boost its industry-leading DNS, DHCP and IP address management platform to help customers proactively assess network health and prevent outages.

Learn More