Check Point Alert of the Week: Firewall log file increase rate critical – possible connectivity loss to log server

indeni, cisco

This is a real-life sample alert from indeni.

Description:

Over the period of the last 300 seconds there has been an increase of 1 MB in the size of the log file ($FWDIR/log/fw.log). This is a fairly high number, indicating that it is possible that the firewall cannot reach its log servers or has a slow connection to them.

indeni will re-check this alert every 1 minute. If indeni determines the issue has been resolved, it will automatically be flagged as such.

Manual Remediation Steps:

Check all hardware connections as well as any equipment (such as switches and hubs). If the log traffic is sent over VPN, check the VPN tunnels as well. SK40090 may provide further guidance on this.

How does this alert work?

indeni monitors the size of the fw.log file and alerts if its rate of growth is more than 1 MB per 5 minutes (these thresholds can be changed).
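The growth check described above, sketched as an added example (not indeni's own code). The function names, the sample format and the constructed sample data are assumptions made for illustration; a drop in file size is assumed to mean the log file was rotated, so the growth count restarts from the new file's size.

```shell
#!/bin/sh
# Thresholds taken from the alert text: more than 1 MB in 300 seconds.
WINDOW_SECS=${WINDOW_SECS:-300}
THRESHOLD_BYTES=${THRESHOLD_BYTES:-1048576}

# sample FILE: emit one "epoch size_in_bytes" line for FILE.
sample() {
    printf '%s %s\n' "$(date +%s)" "$(wc -c < "$1" | tr -d ' ')"
}

# growth_in_window NOW: read "epoch size" samples on stdin (oldest first)
# and print the bytes written during the WINDOW_SECS seconds before NOW.
# Assumption: a size decrease means rotation, so the new file's size is
# counted as growth instead of a negative delta cancelling earlier writes.
growth_in_window() {
    awk -v now="$1" -v win="$WINDOW_SECS" '
        $1 < now - win || $1 > now { next }      # outside the window
        have { d = $2 - prev; total += (d >= 0 ? d : $2) }
        { prev = $2; have = 1 }
        END { printf "%.0f\n", total + 0 }'
}

# check_growth NOW: exit status 0 (alert) when growth exceeds the threshold.
check_growth() {
    g=$(growth_in_window "$1")
    [ "$g" -gt "$THRESHOLD_BYTES" ]
}

# Constructed samples, one per minute, with a rotation at t=1180.
# Last-minus-first would give a negative number here and miss the alert.
CONSTRUCTED_SAMPLES='1000 5000000
1060 5200000
1120 5500000
1180 200000
1240 600000
1300 900000'

if printf '%s\n' "$CONSTRUCTED_SAMPLES" | check_growth 1300; then
    echo "ALERT: log grew more than $THRESHOLD_BYTES bytes in ${WINDOW_SECS}s"
fi
```

On a gateway, `sample "$FWDIR/log/fw.log"` would be appended to a samples file once a minute and `check_growth "$(date +%s)"` run against that file.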
