Moe Trin
Guest
|
 Posted:
Fri Dec 16, 2005 1:52 am Post subject:
Re: Check Point NG Cluster Logging issue |
|
|
| Quote: | We have a cluster of two NG firewalls. The logging on member-1 is off by a
couple of hours and The firewall logs locally. The member-2 is working
beautifully.
|
"a couple of hours" meaning exactly what?
| Quote: | When I perform a cprestart member-1, it would log to the SmartCenter
(management server) normally but then slowly the logs fall behind in time
until it is a couple of hours behind again.
|
"slowly the logs fall behind" meaning that
1. Initially - the time is correct
2. After one hour, the time has _drifted_ XX minutes
3. After two hours, the time has _drifted_ 2 XX minutes
4. After three hours, the time has _drifted_ 3 XX minutes
Does the time difference ever stop drifting?
| Quote: | I had checked Check Point knowlegeBase and had verified the day light saving
time settings on the member-firewalls and the SmartCenter. I have also
checked log servers used.
|
Daylight Saving Time is exactly one hour - no more, no less. The result
of selecting the wrong time zone would (with few exceptions) be a time
difference of some multiple of 60 minutes (one hour) exactly. There are a
few locations around the world where the time zone is not exactly a
multiple of hours - such as Newfoundland (-3:30), the center of Australia
(+09:30), and several nearby islands (Lord Howe, Nauru and Norfolk = +11:30),
Afghanistan (+4:30), India (+5:30), Iran (+3:30), Nepal (+5:45), and so on.
Selection of a "wrong" time zone (which also effects DST) or date would
result in a "fixed" error, not a drift.
| Quote: | I'm seeking advise wherelse should I look for to trouble shoot this
incident. Your assistance is much appreciated.
|
On the individual firewalls - what is the "local" time. The command needed
is probably something like 'date' or 'time' - see the manual, or it may be
shown on a web page from the server. Most computers do not use a hardware
clock (such as the BIOS clock on your PC) to keep track of time when the
system is running (the BIOS clock keeps track of time when the power is
off). Using your windoze box as an example, the O/S has an interrupt routine
driven by a counter to cause the O/S's idea of time to be incremented some
number of times per second (the original IBM PC running DOS kept track of
time by being interrupted 18.5 times a second). If the setting of that
counter is wrong, the O/S idea of time will drift by the ratio of the
normal verses incorrect counter setting. Another form of error occurs when
the computer gets to busy, and neglects to respond to those interrupts.
As the "time" is incremented by the interrupt, missing the interrupt will
mean that the time is not incremented - falling behind the real wall clock.
Old guy |
|
FAQ
Memberlist
Register
Profile
Log in to check your private messages
Log in