This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
srinidhi
Participant
‎2022-11-14 04:36 AM
Jump to solution

Error in Show logs API

Hi,

I am trying to get the Checkpoint logs using API from postman and I could see the below error.

I can see all the logs in the smart console. Please let me know if I need to change any settings.

Thanks

Screenshot 2022-11-14 at 5.59.06 PM.png

0 Kudos
2 Solutions

Accepted Solutions
Duane_Toler
Advisor
‎2022-11-15 06:44 AM
In response to srinidhi
Jump to solution

As @PhoneBoy said, your management should be your log server.  What do you get with the API call "show-checkpoint-host name <server name> details-level full"?  You should see:

 

  "management-blades" : {
...
   "logging-and-status" : true,
...
 }
...
  "logs-settings" : {
    "enable-log-indexing" : true,
...
  }

 

If not, then you need to enable the Logging blade on your management object as well as log indexing.  The show-logs API requires the indexer to be running.  Use SmartConsole to enable both options:

* Edit your management object, select the the "Logging and Status" checkbox in the Products list

* On the left tree, select Logs, and enable Log Indexing

* Click OK, publish changes

 

You'll have to wait for the indexer to load the logs into the database which can take time, depending on your log size and any historical logs.  If you need to load historical logs, then you'll need to use sk111766.

 

--
Ansible for Check Point APIs series: https://www.youtube.com/@EdgeCaseScenario and Substack

View solution in original post

0 Kudos
Amir_Senn
Employee
Employee
‎2022-11-15 07:35 AM
In response to srinidhi
Jump to solution

It only shows log server working in index mode. IDK if relevant in your case but if the server is not indexing the logs it might explain the error for no log servers available.

Kind regards, Amir Senn

View solution in original post

0 Kudos
19 Replies
srinidhi
Participant
‎2022-11-14 05:30 AM
In response to the_rock
Jump to solution

Hi Thanks, but I see it works in the smart console, but in the API I get this error. So is there any specific settings to configure management server as log server .

0 Kudos
the_rock
Legend
Legend
‎2022-11-14 05:54 AM
In response to srinidhi
Jump to solution

Gotcha...just wondering, do you see anything from below command?

https://sc1.checkpoint.com/documents/latest/APIs/?#cli/show-logs~v1.8.1%20

Unless I dont see it, cant really locate section to configure log server, maybe someone else can chime in.

0 Kudos
srinidhi
Participant
‎2022-11-14 06:07 AM
In response to the_rock
Jump to solution

I see server_error with the command

Screenshot 2022-11-14 at 7.34.21 PM.png

0 Kudos
the_rock
Legend
Legend
‎2022-11-14 06:17 AM
In response to srinidhi
Jump to solution

Can you try api restart?

0 Kudos
srinidhi
Participant
‎2022-11-14 06:39 AM
In response to the_rock
Jump to solution

yes, but still the same error

0 Kudos
Duane_Toler
Advisor
‎2022-11-14 09:53 AM
In response to srinidhi
Jump to solution

You need "new-query.time-frame" as well.

--
Ansible for Check Point APIs series: https://www.youtube.com/@EdgeCaseScenario and Substack
0 Kudos
srinidhi
Participant
‎2022-11-14 10:02 AM
In response to Duane_Toler
Jump to solution

I get the same error as in the post, when I tried with new-query.time-frame

I assume that I need to configure management server as log server, but I am confused that I can see logs in the Smart Console,  not sure if I am right, Please let me know what are the steps to check and change log server configuration.

Screenshot 2022-11-14 at 11.28.38 PM.png

0 Kudos
PhoneBoy
Admin
Admin
‎2022-11-14 10:09 AM
In response to srinidhi
Jump to solution

The management server is the log server unless you've configured an external log and/or SmartEvent server.
What are the hardware specs on your management/log server?
Specify the amount of RAM, CPUs, and disk allocated.

0 Kudos
srinidhi
Participant
‎2022-11-14 09:53 PM
In response to PhoneBoy
Jump to solution

Please find the configuration

RAM - 11GB

CPU- 2 cores

Storage- 200GB

0 Kudos
Duane_Toler
Advisor
‎2022-11-15 06:44 AM
In response to srinidhi
Jump to solution

As @PhoneBoy said, your management should be your log server.  What do you get with the API call "show-checkpoint-host name <server name> details-level full"?  You should see:

 

  "management-blades" : {
...
   "logging-and-status" : true,
...
 }
...
  "logs-settings" : {
    "enable-log-indexing" : true,
...
  }

 

If not, then you need to enable the Logging blade on your management object as well as log indexing.  The show-logs API requires the indexer to be running.  Use SmartConsole to enable both options:

* Edit your management object, select the the "Logging and Status" checkbox in the Products list

* On the left tree, select Logs, and enable Log Indexing

* Click OK, publish changes

 

You'll have to wait for the indexer to load the logs into the database which can take time, depending on your log size and any historical logs.  If you need to load historical logs, then you'll need to use sk111766.

 

--
Ansible for Check Point APIs series: https://www.youtube.com/@EdgeCaseScenario and Substack
0 Kudos
srinidhi
Participant
‎2022-11-15 08:36 PM
In response to Duane_Toler
Jump to solution

Thanks, after enabling the log indexing, it is working

0 Kudos
PhoneBoy
Admin
Admin
‎2022-11-14 06:18 AM
Jump to solution

What is your precise API call?
Also, version/JHF level?

0 Kudos
srinidhi
Participant
‎2022-11-14 06:41 AM
In response to PhoneBoy
Jump to solution

Please find my API call:

and the version is R81 take 392

Screenshot 2022-11-14 at 8.10.49 PM.png

 

0 Kudos
PhoneBoy
Admin
Admin
‎2022-11-14 07:40 AM
In response to srinidhi
Jump to solution

What are the hardware specs on your management/log server?
Specify RAM, CPUs, and disk allocated.

0 Kudos
the_rock
Legend
Legend
‎2022-11-14 07:55 AM
In response to srinidhi
Jump to solution

Not that good with API, but wanted to try this in the lab, except cant open https://mgmtIP:port/web-api link. Let me see whats missing.

0 Kudos
srinidhi
Participant
‎2022-11-14 09:36 AM
In response to the_rock
Jump to solution

Please let me know if this works for you

curl --insecure -XPOST "https://mgmtIP:port/web-api /login" --data-binary "{\"user\": \"xxx\", \"password\": \”xxxx\"}" -H "Content-Type: application/json"

 

0 Kudos
the_rock
Legend
Legend
‎2022-11-14 09:47 AM
In response to srinidhi
Jump to solution

I replaced the values but says curl command not found.

0 Kudos
Amir_Senn
Employee
Employee
‎2022-11-15 07:35 AM
In response to srinidhi
Jump to solution

It only shows log server working in index mode. IDK if relevant in your case but if the server is not indexing the logs it might explain the error for no log servers available.

Kind regards, Amir Senn
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events