Debugging the Security Servers
In FireWall-1 4.1 and earlier, in order to debug the Security Servers, you were required to set environment variables and restart the fwd process. In FireWall-1 NG, you can now perform debugging without restarting any processes. When these variables are set, FireWall-1 logs the information generated into the various files in $FWDIR/log. Each Security Server has its own file with a .elg extension (e.g., the HTTP Security Server has ahttpd.elg, the FTP Security Server has ftpd.elg, and so on).
To enable debugging for the HTTP Security Server, issue the following command from your firewall module:
# fw debug on in.ahttpd FWAHTTPD_LEVEL=3
To disable debugging, issue the following command from your firewall module:
# fw debug off in.ahttpd FWAHTTPD_LEVEL=3
To enable debugging for the other Security Servers, use similar syntax. Table 9.3 shows the variables to set for the Security Servers. You can assign the variables values of 1 through 3. The larger the number, the more verbose the debugging information.
This method permits setting only one environment variable at a time, which means multiple Security Servers cannot be debugged at the same time. If you need to debug multiple Security Servers, you must set the environment variables manually on the command line. The following example, on a UNIX-based firewall using a Bourne-type shell, shows how to enable debugging for the HTTP Security Server and the SMTP mdq process.
# fw kill fwd
# FWAHTTPD_LEVEL=3; export FWAHTTPD_LEVEL
# FWMDQ_LEVEL=3; export FWMDQ_LEVEL
# fwd
Table 9.3. Debug variables for the Security Servers

| Variable | Description |
|---|---|
| FWAHTTPD_LEVEL | Debug information from the HTTP Security Server (in.ahttpd) |
| FWAFTPD_LEVEL | Debug information from the FTP Security Server (in.aftpd) |
| FWACLIENTD_LEVEL | Debug information from the Client Authentication daemon over Telnet (in.aclientd) |
| FWAHCLIENTD_LEVEL | Debug information from the Client Authentication daemon over HTTP (in.ahclientd) |
| FWASMTPD_LEVEL | Debug information from the SMTP Security Server receiving process (in.asmtpd) |
| FWMDQ_LEVEL | Debug information from the SMTP Security Server mail dequeuer process (mdq) |
| FWARLOGIND_LEVEL | Debug information from the rlogin Security Server (in.arlogind) |
| FWATELNETD_LEVEL | Debug information from the Telnet Security Server (in.atelnetd) |
| FWGENERICD_LEVEL | Debug information from the TCP Security Server (in.genericd) |

To do this on a Windows-based firewall, use the following commands.
> fw kill fwd
> SET FWAHTTPD_LEVEL=3
> SET FWMDQ_LEVEL=3
> fwd
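
A mistyped variable name or an out-of-range level in the manual Bourne-shell procedure is silently accepted by the shell and simply produces no debug output. The following added example (not from the original text) checks each NAME=LEVEL pair against Table 9.3 and the 1 through 3 range, then prints the command sequence for any number of Security Servers without running fw or fwd. The helper name fwss_debug_plan is hypothetical.

```sh
#!/bin/sh
# Added example: builds the command sequence for the manual, multi-variable
# debugging procedure. It only prints commands; it never runs fw or fwd.

# Variable names taken from Table 9.3.
FWSS_VARS="FWAHTTPD_LEVEL FWAFTPD_LEVEL FWACLIENTD_LEVEL FWAHCLIENTD_LEVEL
FWASMTPD_LEVEL FWMDQ_LEVEL FWARLOGIND_LEVEL FWATELNETD_LEVEL FWGENERICD_LEVEL"

# fwss_debug_plan NAME=LEVEL [NAME=LEVEL ...]   (hypothetical helper name)
# Prints the commands on success; prints an error and returns 1 on bad input.
fwss_debug_plan() {
    [ "$#" -gt 0 ] || { echo "usage: fwss_debug_plan NAME=LEVEL ..." >&2; return 1; }
    plan="fw kill fwd"
    seen=""
    for pair in "$@"; do
        case "$pair" in
            *=*) name=${pair%%=*}; level=${pair#*=} ;;
            *)   echo "not NAME=LEVEL: $pair" >&2; return 1 ;;
        esac
        # Reject names that are not in Table 9.3 (typos set a useless variable).
        known=no
        for v in $FWSS_VARS; do
            if [ "$v" = "$name" ]; then known=yes; fi
        done
        [ "$known" = yes ] || { echo "unknown variable: $name" >&2; return 1; }
        # The text allows values 1 through 3 only.
        case "$level" in
            1|2|3) ;;
            *) echo "level must be 1 through 3: $pair" >&2; return 1 ;;
        esac
        # A repeated name would leave it unclear which level takes effect.
        case " $seen " in
            *" $name "*) echo "variable given twice: $name" >&2; return 1 ;;
        esac
        seen="$seen $name"
        plan="$plan
$name=$level; export $name"
    done
    printf '%s\nfwd\n' "$plan"
}

# The page's own case: HTTP Security Server plus the SMTP mdq process.
fwss_debug_plan FWAHTTPD_LEVEL=3 FWMDQ_LEVEL=3
```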