https://community.checkpoint.com/t5/Firewall-and-Security-Management/Virtual-System-in-VSX-Logging/m-p/188838#M67721 <P>when I check in particular VS , <SPAN>&nbsp;"cpstat fw -f log_connection" showing primary log servers as disconnected&nbsp;but in VS0 same command output is 'connected.'</SPAN></P> Tue, 08 Aug 2023 03:37:32 GMT JSingh_N 2023-08-08T03:37:32Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Virtual-System-in-VSX-Logging/m-p/188779#M67716 <P>Hi,</P><P>I have doubt in virtual system logging mechanism.</P><P>We have configured 2 dedicated log servers as primary log servers and 1 as backup log server in VS.</P><P>1.) When I run command "cpstat fw -f log_connection" I see primary log servers as connected but secondary / backup log server as disconnected.</P><P>2,) When I run command "tcpdump -nni any tcp port 257" in particular VS context, I am not able to see any traffic, also netstat -an | grep 257 does not show any connection.</P><P>3.) However, when I run&nbsp;"tcpdump -nni any tcp port 257" in VS0, then I am able to see the traffic for log servers and also able to see the connection established for 'netstat -an | grep 257'</P><P>&nbsp;</P><P>In few of the VS, I see output&nbsp;&nbsp;of "cpstat fw -f log_connection" as disconnected for all three log servers but able to see logs in SmartConsole logs.</P><P>Please share your inputs regarding this behavior of VS logging.&nbsp;</P><P>&nbsp;</P><P>Regards,</P><P>Jaspal Singh</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Mon, 07 Aug 2023 11:52:24 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Virtual-System-in-VSX-Logging/m-p/188779#M67716 JSingh_N 2023-08-07T11:52:24Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Virtual-System-in-VSX-Logging/m-p/188792#M67717 <P>Primary Log servers all receive the logs, but secondary is used when one or all primary log servers are unreachable.</P> Mon, 07 Aug 2023 12:59:37 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Virtual-System-in-VSX-Logging/m-p/188792#M67717 G_W_Albrecht 2023-08-07T12:59:37Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Virtual-System-in-VSX-Logging/m-p/188802#M67718 <P>Ok, thanks for the revert. I got your point.</P><P>Could you please share your inputs for point 2 and 3 as well?</P><P>I think there is some mechanism in case of VSX env. that I am not aware of. May be some sort of mapping with VS0 or similar to this, I am not sure for now.</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Mon, 07 Aug 2023 14:04:56 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Virtual-System-in-VSX-Logging/m-p/188802#M67718 JSingh_N 2023-08-07T14:04:56Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Virtual-System-in-VSX-Logging/m-p/188803#M67719 <P>Logging for all VSs is done from VS0 context, this should cover 2 &amp; 3</P> Mon, 07 Aug 2023 14:06:40 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Virtual-System-in-VSX-Logging/m-p/188803#M67719 _Val_ 2023-08-07T14:06:40Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Virtual-System-in-VSX-Logging/m-p/188815#M67720 <P>Expanding on this, almost all outgoing traffic is sent from VS0. Traffic logs. Syslog data. DNS requests. NTP. RADIUS or TACACS for authentication.</P> <P>VPN negotiations are the only thing I can think of offhand which originates from the firewall, but which leaves using the routing table of a VS other than 0.</P> Mon, 07 Aug 2023 16:54:59 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Virtual-System-in-VSX-Logging/m-p/188815#M67720 Bob_Zimmerman 2023-08-07T16:54:59Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Virtual-System-in-VSX-Logging/m-p/188838#M67721 <P>when I check in particular VS , <SPAN>&nbsp;"cpstat fw -f log_connection" showing primary log servers as disconnected&nbsp;but in VS0 same command output is 'connected.'</SPAN></P> Tue, 08 Aug 2023 03:37:32 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Virtual-System-in-VSX-Logging/m-p/188838#M67721 JSingh_N 2023-08-08T03:37:32Z