Buenos dias: hace una semana mas o menos actualice el forti (60b) a v4.0,build0194,100121 (MR1 Patch 3) desde ese dia cada 3 o 4 dias deja de loguearme el trafico, reseteo el equipo y comienza a funcionar bien.
A que se debe?
Que tengo que hacer?
Saludos
LOGS
Re: LOGS
Gabi: gracias por responder.
Ni en memoria ni en ningun lado.
Viste que hay un panel que dice Log and Archive statictics? Ni ahi se ve. Pero reinicio el forti y santo remedio, comienza a loguear normalmente.
Me aparece de vez en cuando tambien en Alert message console otro mensaje que no me acuerdo exactamente como era pero algo asi como que alcanzo el limite por xx segundos.
Saludos
Ni en memoria ni en ningun lado.
Viste que hay un panel que dice Log and Archive statictics? Ni ahi se ve. Pero reinicio el forti y santo remedio, comienza a loguear normalmente.
Me aparece de vez en cuando tambien en Alert message console otro mensaje que no me acuerdo exactamente como era pero algo asi como que alcanzo el limite por xx segundos.
Saludos
Re: LOGS
Hola, ojo que si te alerta ese mensaje puede que tengas sobrecargado el equipo y este rechazando conexiones.
[Debes identificarte para poder ver enlaces.]
revisa los links que hay debajo en ese articulo.
saludos
[Debes identificarte para poder ver enlaces.]
revisa los links que hay debajo en ese articulo.
saludos
NSE 7 – Fortinet Network Security Architect
NSE 5 - Network Security Analyst
NSE 5 - Network Security Analyst
Re: LOGS
Hola, te dejo un articulo que te ayudara a revisar que proceso consume mas
[Debes identificarte para poder ver enlaces.]
[Debes identificarte para poder ver enlaces.]
saludos
[Debes identificarte para poder ver enlaces.]
[Debes identificarte para poder ver enlaces.]
saludos
NSE 7 – Fortinet Network Security Architect
NSE 5 - Network Security Analyst
NSE 5 - Network Security Analyst
Re: LOGS
Gabi: hice lo que lei en los documentos y me salio lo siguiente
Despues hice un
diagnose sys kill 11 44 sobre el 44 que es el ipsengine que es el que mas memoria me consume y el uso me bajo a 69 %.
entre a UTM, intrusion protection me fije que habia y en los protection profile destilde todo lo que habia (de IPS) , pero la memoria sigue igual entre 69 y 77%.
Que otra sugerencia tenes?
Saludos
FGT60B3908638659 # diagnose sys top 5 20
Run Time: 0 days, 5 hours and 38 minutes
7U, 1S, 91I; 248T, 56F, 106KF
ipsengine 44 S < 0.9 10.4
newcli 17217 R 0.9 4.9
httpsd 63 S 0.0 7.9
httpsd 69 S 0.0 7.4
cmdbsvr 18 S 0.0 6.7
httpsd 17197 S 0.0 5.9
httpsd 26 S 0.0 5.7
thttp 42 S 0.0 5.4
scanunitd 202 S < 0.0 5.0
fgfmd 65 S 0.0 4.9
newcli 17206 S 0.0 4.9
miglogd 24 S 0.0 4.8
urlfilter 47 S 0.0 4.6
merged_daemons 45 S 0.0 4.3
cw_acd 67 S 0.0 4.3
fdsmgmtd 54 S 0.0 4.2
scanunitd 195 S < 0.0 4.2
updated 53 S 0.0 4.1
authd 50 S 0.0 4.1
snmpd 56 S 0.0 4.0
Despues hice un
diagnose sys kill 11 44 sobre el 44 que es el ipsengine que es el que mas memoria me consume y el uso me bajo a 69 %.
entre a UTM, intrusion protection me fije que habia y en los protection profile destilde todo lo que habia (de IPS) , pero la memoria sigue igual entre 69 y 77%.
Que otra sugerencia tenes?
Saludos
Re: LOGS
Hay otra cosa rara, es que me aparecio el mensaje en un horario en donde no hay nadie aca:
2010-05-19 04:57:12 Fortigate has reached system connection limit for 100 seconds
2010-05-18 19:47:14 Fortigate has reached system connection limit for 90 seconds
Saludos
2010-05-19 04:57:12 Fortigate has reached system connection limit for 100 seconds
2010-05-18 19:47:14 Fortigate has reached system connection limit for 90 seconds
Saludos
Re: LOGS
Hola, como estas¿? Puede que sea alguna maquina prendida y que tengas desde algun p2p, virus. u otra apliacion que tenga muchos servicios activos.
estas filtrando puertos? etsas bloqueando apliaciopnes con aplication control ?
saludos
estas filtrando puertos? etsas bloqueando apliaciopnes con aplication control ?
saludos
NSE 7 – Fortinet Network Security Architect
NSE 5 - Network Security Analyst
NSE 5 - Network Security Analyst
Re: LOGS
Seria raro, se apaga todo menos los servidores.
Si controlo aplicaciones, tengo algunos puertos abiertos, pocos, trato de controlar todo.
Otra cosa que pude ver es que entra en modo conservador cuando baja las actualizaciones del forti.
Esto comenzo ni bien cambie el firmeware (pase de la version 3 al 4)
Saludos
Si controlo aplicaciones, tengo algunos puertos abiertos, pocos, trato de controlar todo.
Otra cosa que pude ver es que entra en modo conservador cuando baja las actualizaciones del forti.
Esto comenzo ni bien cambie el firmeware (pase de la version 3 al 4)
Saludos
Re: LOGS
Si, tengo Scheduled Update --> daily 4 hour, no se porque intento actulizar a las 8 de la noche.
6 2010-05-19 05:32:16 notice pattern 38149 Fortigate push update virdb(11.00958) extdb(11.00958) idsdb(2.00810) aven(3.00013) idsen(1.00129) from 61.204.170.252:443
7 2010-05-19 04:57:21 notice pattern 38149 Fortigate scheduled update virdb(11.00958) extdb(11.00958) idsdb(2.00810) aven(3.00013) idsen(1.00129) from 174.137.33.89:443
8 2010-05-19 04:57:12 critical system 36866 The system has deactivated session fail mode
9 2010-05-19 04:57:12 critical system 36866 The system has deactivated session fail mode
10 2010-05-19 04:57:12 critical system 36866 The system has deactivated session fail mode
11 2010-05-19 04:57:12 critical system 36866 The system has deactivated session fail mode
12 2010-05-19 04:57:12 critical system 36866 The system has deactivated session fail mode
13 2010-05-19 04:57:12 critical system 36866 The system has deactivated session fail mode
14 2010-05-19 04:57:12 critical system 36866 The system has deactivated session fail mode
15 2010-05-19 04:57:12 critical system 36866 The system exited system conserve mode
16 2010-05-19 04:57:12 notice pattern 38149 Fortigate push update virdb(11.00956) extdb(11.00956) idsdb(2.00810) aven(3.00013) idsen(1.00129) from 208.91.112.76:443
17 2010-05-19 04:55:32 critical system 36866 The system has activated session fail mode
18 2010-05-19 04:55:32 critical system 36866 The system has activated session fail mode
19 2010-05-19 04:55:32 critical system 36866 The system has activated session fail mode
20 2010-05-19 04:55:32 critical system 36866 The system has activated session fail mode
21 2010-05-19 04:55:32 critical system 36866 The system has activated session fail mode
22 2010-05-19 04:55:32 critical system 36866 The system has activated session fail mode
23 2010-05-19 04:55:32 critical system 36866 The system has activated session fail mode
24 2010-05-19 04:55:32 critical system 36866 The system has entered system conserve mode
25 2010-05-18 20:22:58 notice pattern 38149 Fortigate push update virdb(11.00956) extdb(11.00956) idsdb(2.00810) aven(3.00013) idsen(1.00129) from 208.91.112.72:443
26 2010-05-18 19:47:14 critical system 36866 The system has deactivated session fail mode
27 2010-05-18 19:47:14 critical system 36866 The system has deactivated session fail mode
28 2010-05-18 19:47:14 critical system 36866 The system has deactivated session fail mode
29 2010-05-18 19:47:14 critical system 36866 The system has deactivated session fail mode
30 2010-05-18 19:47:14 critical system 36866 The system has deactivated session fail mode
31 2010-05-18 19:47:14 critical system 36866 The system has deactivated session fail mode
32 2010-05-18 19:47:14 critical system 36866 The system has deactivated session fail mode
33 2010-05-18 19:47:14 critical system 36866 The system exited system conserve mode
34 2010-05-18 19:47:14 notice pattern 38149 Fortigate push update virdb(11.00955) extdb(11.00955) idsdb(2.00810) aven(3.00013) idsen(1.00129) from 216.156.209.20:443
35 2010-05-18 19:45:44 critical system 36866 The system has activated session fail mode
36 2010-05-18 19:45:44 critical system 36866 The system has activated session fail mode
37 2010-05-18 19:45:44 critical system 36866 The system has activated session fail mode
38 2010-05-18 19:45:44 critical system 36866 The system has activated session fail mode
39 2010-05-18 19:45:44 critical system 36866 The system has activated session fail mode
40 2010-05-18 19:45:44 critical system 36866 The system has activated session fail mode
41 2010-05-18 19:45:44 critical system 36866 The system has activated session fail mode
42 2010-05-18 19:45:44 critical system 36866 The system has entered system conserve mode
Que me aconsejas que haga?
El uso de la memoria sigue alto 77%.
Saludos
6 2010-05-19 05:32:16 notice pattern 38149 Fortigate push update virdb(11.00958) extdb(11.00958) idsdb(2.00810) aven(3.00013) idsen(1.00129) from 61.204.170.252:443
7 2010-05-19 04:57:21 notice pattern 38149 Fortigate scheduled update virdb(11.00958) extdb(11.00958) idsdb(2.00810) aven(3.00013) idsen(1.00129) from 174.137.33.89:443
8 2010-05-19 04:57:12 critical system 36866 The system has deactivated session fail mode
9 2010-05-19 04:57:12 critical system 36866 The system has deactivated session fail mode
10 2010-05-19 04:57:12 critical system 36866 The system has deactivated session fail mode
11 2010-05-19 04:57:12 critical system 36866 The system has deactivated session fail mode
12 2010-05-19 04:57:12 critical system 36866 The system has deactivated session fail mode
13 2010-05-19 04:57:12 critical system 36866 The system has deactivated session fail mode
14 2010-05-19 04:57:12 critical system 36866 The system has deactivated session fail mode
15 2010-05-19 04:57:12 critical system 36866 The system exited system conserve mode
16 2010-05-19 04:57:12 notice pattern 38149 Fortigate push update virdb(11.00956) extdb(11.00956) idsdb(2.00810) aven(3.00013) idsen(1.00129) from 208.91.112.76:443
17 2010-05-19 04:55:32 critical system 36866 The system has activated session fail mode
18 2010-05-19 04:55:32 critical system 36866 The system has activated session fail mode
19 2010-05-19 04:55:32 critical system 36866 The system has activated session fail mode
20 2010-05-19 04:55:32 critical system 36866 The system has activated session fail mode
21 2010-05-19 04:55:32 critical system 36866 The system has activated session fail mode
22 2010-05-19 04:55:32 critical system 36866 The system has activated session fail mode
23 2010-05-19 04:55:32 critical system 36866 The system has activated session fail mode
24 2010-05-19 04:55:32 critical system 36866 The system has entered system conserve mode
25 2010-05-18 20:22:58 notice pattern 38149 Fortigate push update virdb(11.00956) extdb(11.00956) idsdb(2.00810) aven(3.00013) idsen(1.00129) from 208.91.112.72:443
26 2010-05-18 19:47:14 critical system 36866 The system has deactivated session fail mode
27 2010-05-18 19:47:14 critical system 36866 The system has deactivated session fail mode
28 2010-05-18 19:47:14 critical system 36866 The system has deactivated session fail mode
29 2010-05-18 19:47:14 critical system 36866 The system has deactivated session fail mode
30 2010-05-18 19:47:14 critical system 36866 The system has deactivated session fail mode
31 2010-05-18 19:47:14 critical system 36866 The system has deactivated session fail mode
32 2010-05-18 19:47:14 critical system 36866 The system has deactivated session fail mode
33 2010-05-18 19:47:14 critical system 36866 The system exited system conserve mode
34 2010-05-18 19:47:14 notice pattern 38149 Fortigate push update virdb(11.00955) extdb(11.00955) idsdb(2.00810) aven(3.00013) idsen(1.00129) from 216.156.209.20:443
35 2010-05-18 19:45:44 critical system 36866 The system has activated session fail mode
36 2010-05-18 19:45:44 critical system 36866 The system has activated session fail mode
37 2010-05-18 19:45:44 critical system 36866 The system has activated session fail mode
38 2010-05-18 19:45:44 critical system 36866 The system has activated session fail mode
39 2010-05-18 19:45:44 critical system 36866 The system has activated session fail mode
40 2010-05-18 19:45:44 critical system 36866 The system has activated session fail mode
41 2010-05-18 19:45:44 critical system 36866 The system has activated session fail mode
42 2010-05-18 19:45:44 critical system 36866 The system has entered system conserve mode
Que me aconsejas que haga?
El uso de la memoria sigue alto 77%.
Saludos
Re: LOGS
hola,
Te recomiendo actualizar al patch 4 de mr1.
tambiewn, que dns usas en el fortigate?
probaste de usar en la configuracion del fortiguard el puerto alternativo? en vez de 53 que sea 8888?
Si sigue, abri un ticket con soporte explicandole todo lo que mas puedas y enviale esos comandos como tambien el diag sys top
saludos
Te recomiendo actualizar al patch 4 de mr1.
tambiewn, que dns usas en el fortigate?
probaste de usar en la configuracion del fortiguard el puerto alternativo? en vez de 53 que sea 8888?
Si sigue, abri un ticket con soporte explicandole todo lo que mas puedas y enviale esos comandos como tambien el diag sys top
saludos
NSE 7 – Fortinet Network Security Architect
NSE 5 - Network Security Analyst
NSE 5 - Network Security Analyst