
Schedule Swapping or archiving of Firewall-1 Logs


Part of CPFW1TK -- CheckPoint Firewall-1 Tool Kit
	by JP Vossen <jp@jpsdomain.org> http://www.jpsdomain.org/
	http://www.jpsdomain.org/security/tools.html#firewalls


Note: LogSwap is not needed for CheckPoint Firewall-1/VPN-1 Next Generation
(AKA v5.x) -- use the built-in logging facility.


Instructions

1. Create a "log save" directory, e.g. c:\Save-Logs and set good file system
permissions on it!

2.  Edit LogSwap.cmd and set all the variables in the first section.

3.  Make sure some Scheduler is running (see below re: NT Schedulers).

4.  Run "LogSwap.cmd AT" to schedule the script every Sunday night at 11:55
PM if you are running the old NT "AT" scheduler.  

That's it.  You should probably test run it manually and make sure everything is
working as expected.  Read the comments in the code to see what is happening.


To Uninstall

1.  Delete the scheduled job (if you are running the old NT "AT" scheduler):
	at	(to get the job ID)
	at [job ID] /delete

2.  Delete the files listed below from the utility directory.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Windows Schedulers

If you have not installed IE5.x on your NT 4 machine, then you have the NT
"at" schedule service.  So something like the following examples will work:

  at 23:55 /every:M,T,W,Th,F,S,Su cmd /c %LCROOTW%\bin\wrapper.cmd
  at 23:55 /every:Su cmd /c %LCROOTW%\bin\wrapper.cmd

If you have installed IE5.x (specifically the Offline Browsing pack) then the
simple act of installing an application has made fundamental changes to
your base operating system, without asking for permission or informing you
of the fact.  You are now using "Mstask.exe" -- the Task Scheduler.  See the
following TechNet articles for more information:

    Q178706 How to Schedule a Program Using Task Scheduler

    Q235536 Task Scheduler Service on Windows NT
    Q236773 Internet Explorer Replaces Atsvc.exe Tool with Mstask.exe Tool

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Known Issue

Note: ironically, there is no purge for the log file that THIS program
creates. However, each time LogSwap runs, it should generate less than 800
bytes of log file text. If it runs once a week, 800 * 52 = 41,600 bytes.
Even once a day, 800 * 365 = 292,000. At this rate, you will replace the
firewall server long before LogSwap.txt gets large enough to matter.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Files

!LogSwap.txt	This file
gzip.exe	GNU GZip	(Note, this may also be used by extract_patch)
LogSwap.cmd	The Script
OBSOLETE.COM	Purge old logs


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Tools Used

obsolete.com	http://www.jpsdomain.org/public/tools/obslt10.ZIP


K. M. Syring's collection of free ports of common GNU utilities to native
Win32:
	http://www.weihenstephan.de/~syring/win32/UnxUtils.html
	http://www.weihenstephan.de/~syring/win32/UnxUtils.zip

Specifically:
	gzip 1.2.4 (18 Aug 93)


Alternate gzip: ftp://ftp.cdrom.com/pub/infozip/WIN32/gzip124xN.zip


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
LogSwap Changes

See the top of LogSwap.cmd (Windows) or LogSwap.sh (UNIX).


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Last Updated: Fri Sep 14 16:02:51 2001
-- JP Vossen <jp@jpsdomain.org> http://www.jpsdomain.org/

