|
How to
create SecuRemote/Client debug logfiles (4.1)
---------------------------------------------------------------
4.1 SRINFO:
---------------------------------------------------------------
Create a file on the root of C: "fwenc.log"
Open SecureRemote and Download topology
Try to make a connection to something in the encryption domain. When you
get an error, close the SecureRemote Client. Place the SRInfo.exe in the
SecureRemote directory. Open a dos prompt and cd to the SecureRemote
directory. Type the following command: srinfo >srinfo.txt. This will
create a file srinfo.txt in the SecureRemote directory.
----------------------------------------------------------------
NG, 4.1, 4.0 FWMONITOR from FIREWALL:
----------------------------------------------------------------
Run the following command from the bin dir.
fw monitor -e
"accept;" -o output.txt
Use control+C to stop
the capture.
NOTE: FireWall-1 must
be re-started for this change to take effect. Once
you have done that, you cannot use the ipsofwd command to re-enable
flows.
----------------------------------------------------------------
4.1 SRMONITOR:
----------------------------------------------------------------
1) Set the
environment variable in Control Panel\System\Environment.
a) Set the FWIKE_DEBUG=1
b) Set SRDIR = C:\Programs\CheckPoint\Secure Remote
c) Create a dir called log in the Secure Remote dir
d) Create a file on the root of C: called fwenc.log
2) Reboot
3) Extract the srmonitor files to the temp dir of SecuRemote.
4) Start the monitor by issueing the following command
monitor -f monitorfilter.pf -o <outputfile>
Solaris or Linux
(verify that you are in the 'csh' shell for Solaris)
4.1 IKE DEBUG from
FIREWALL:
--------------------------------------------------------------
Windows NT
=========
fwstop
set FWIKE_DEBUG=1
fwstart
You will find the
debug information in the $FWDIR\log\IKE.elg file
UNIX
====
fwstop
setenv FWIKE_DEBUG 1
fwstart
You will find the
debug information in the $FWDIR/log/IKE.elg file
------------------------------------------------------------------------
----
4.1 IKE DEBUG from
SecuRemote/Secure Client:
------------------------------------------------------------------------
----
-----
To set IKE debug in a SecuRemote client machine, do the following:
1. Create the
environment variable FWIKE_DEBUG=1 in the Control Panel >
System 2. On the SecuRemote 4.1 machine, kill SecuRemote, create a log
directory (in $SRDIR directory) and reload SecuRemote.
The file IKE.elg will
be created in the log directory.
monitor - Packet monitoring for SecuRemote 4.1 SP2
Please read the following release notes carefully.
Packet monitoring for
SecuRemote
For:
SR Version: 4.1 SP-2
OS Version: NT
Installation:
Extract the content of monitor.zip into your tmp directory of the
SecuRemote installation (e.g. C:\Program Files\CheckPoint\Securemote\tmp)
Contents:
Monitor.exe:
Monitor Executable.
Syntax 1: monitor -f monitorfilter.pf
Syntax 2: monitor -f monitorfilter.pf -o <outputfile>
Note: Must run in tmp directory of the SR installations
(e.g. C:\Program Files\CheckPoint\Securemote\tmp)
Monit.bat:
Batch file that runs Monitor.exe
Syntax : monit [<outputfile>]
Note: Must run in tmp directory of the SR installations
(e.g. C:\Program Files\CheckPoint\Securemote\tmp)
monitorfilter.pf:
monitorfilter.fc:
monitorfilter.ft:
monitorfilter.lg:
monitorfilter.pf:
monitorfilter.set:
Precompiled files
Important:
------------
All files must be located in tmp directory of the SR installations (e.g.
C:\Program Files\CheckPoint\Securemote\tmp)
23TH
DEC 2002 JIM PARKER
<
back
|