In FireWall-1 4.1 and earlier, in order to debug the Security Servers, you were required to set environment variables and restart the fwd process. In FireWall-1 NG, you can now perform debugging without restarting any processes. When these variables are set, FireWall-1 logs the information generated into the various files in $FWDIR/log. Each Security Server has its own file with a .elg extension (e.g., the HTTP Security Server has ahttpd.elg, the FTP Security Server has ftpd.elg, and so on).

To enable debugging for the HTTP Security Server, issue the following command from your firewall module:

    # fw debug on in.ahttpd FWAHTTPD_LEVEL=3

To disable debugging, issue the following command from your firewall module:

    # fw debug off in.ahttpd FWAHTTPD_LEVEL=3

To enable debugging for the other Security Servers, use similar syntax. Table 9.3 shows the variables to set for the Security Servers. You can assign the variables values of 1 through 3. The larger the number, the more verbose the debugging information.

Table 9.3. Debug variables for the Security Servers

This method permits setting only one environment variable at a time, which means multiple Security Servers cannot be debugged at once. If you need to debug multiple Security Servers, you need to manually set the environment variables on the command line. The following example on a UNIX-based firewall using a Bourne-type shell shows you how to enable debugging for the HTTP Security Server and the SMTP mdq process.

    # fw kill fwd
    # FWAHTTPD_LEVEL=3; export FWAHTTPD_LEVEL
    # FWMDQ_LEVEL=3; export FWMDQ_LEVEL
    # fwd

To do this on a Windows-based firewall, use the following commands.

    > fw kill fwd
    > SET FWAHTTPD_LEVEL=3
    > SET FWMDQ_LEVEL=3
    > fwd