fw [-d] logswitch

[-audit] [<Name of Switched Log>]

-h <Target> [[+ | -]<Name of Switched Log>]

-d

Runs the command in debug mode.

Use only if you troubleshoot the command itself.

-audit

Specifies to switch the active Audit log file ($FWDIR/log/fw.adtlog).

You can use this parameter only on a Management Server.

-h <Target>

Specifies the remote computer, on which to switch the log.

Notes:

• The local and the remote computers must have established SIC trust.
• The remote computer can be a Security Gateway, a Log Server, or a Security Management Server in High Availability deployment.
• You can specify the remote managed computer by its main IP address or Object Name as configured in SmartConsole.

<Name of Switched Log>

Specifies the name of the switched log file.

Notes:

• If you do not specify this parameter, then a default name is:

  <YYYY-MM-DD_HHMMSS>.log

  <YYYY-MM-DD_HHMMSS>.adtlog

  For example, 2018-03-26_174455.log

• If you specify the name of the switched log file, then the name of the switch log file is:

  <Specified_Log_Name>.log

  <Specified_Log_Name>.adtlog

• The log switch operation fails if the specified name for the switched log matches the name of an existing log file.
• The maximal length of the specified name of the switched log file is 230 characters.

+

Specifies to copy the active log from the remote computer to the local computer.

Notes:

• If you specify the name of the switched log file, you must write it immediately after this + (plus) parameter.
• The command copies the active log from the remote computer and saves it in the $FWDIR/log/ directory on the local computer.
• The default name of the saved log file is:

  <Gateway_Object_Name>__<YYYY-MM-DD_HHMMSS>.log

  For example, MyGW__2018-03-26_174455.log

• If you specify the name of the switched log file, then the name of the saved log file is:

  <Gateway_Object_Name>__<Specified_Log_Name>.log

• When this command copies the log file from the remote computer, it compresses the file.

-

Specifies to transfer the active log from the remote computer to the local computer.

Notes:

• The command saves the copied active log file in the $FWDIR/log/ directory on the local computer and then deletes the switched log file on the remote computer.
• If you specify the name of the switched log file, you must write it immediately after this - (minus) parameter.
• The default name of the saved log file is:

  <Gateway_Object_Name>__<YYYY-MM-DD_HHMMSS>.log

  For example, MyGW__2018-03-26_174455.log

• If you specify the name of the switched log file, then the name of the saved log file is:

  <Gateway_Object_Name>__<Specified_Log_Name>.log

• When this command transfers the log file from the remote computer, it compresses the file.
• As an alternative, you can use the fw fetchlogs command.

[Expert@MGMT:0]# fw logswitch

Log file has been switched to: 2018-06-13_182359.log

[Expert@MGMT:0]#

[Expert@MGMT:0]# fw logswitch -audit

Log file has been switched to: 2018-06-13_185711.adtlog

[Expert@MGMT:0]#

[Expert@MGMT:0]# fw logswitch -h MyGW

Log file has been switched to: 2018-06-13_185451.log

[Expert@MGMT:0]#

[Expert@MGMT:0]# ls $FWDIR/log/*.log

/opt/CPsuite-R80.30/fw1/log/fw.log

/opt/CPsuite-R80.30/fw1/log/MyGW__2018-06-13_185451.log

[Expert@MGMT:0]

[Expert@MGMT:0]# fw logswitch -h MyGW +

Log file has been switched to: 2018-06-13_185451.log

[Expert@MGMT:0]#

[Expert@MGMT:0]# ls $FWDIR/log/*.log

/opt/CPsuite-R80.30/fw1/log/fw.log

/opt/CPsuite-R80.30/fw1/log/MyGW__2018-06-13_185451.log

[Expert@MGMT:0]#

[Expert@MyGW:0]# ls $FWDIR/log/*.log

/opt/CPsuite-R80.30/fw1/log/fw.log

/opt/CPsuite-R80.30/fw1/log/2018-06-13_185451.log

[Expert@MyGW:0]#