TAEKBOM_Kim
Contributor

How to check interfaces operation failure(down) log with GUI

Hi~ All.
Our customer wants to know how to check interfaces operation failure(down) log with GUI.
Most firewalls (Palo Alto, Fortigate, SECUI, etc.) can check the operation failure (down) log with a GUI.

But Check Point can't do it...

Am I missing something?

Does anyone know how to check the interface operation failure (down) log with the GUI?


Our customer has got a 15600-gateway. (Version R80.10)

1 Solution

Accepted Solutions
JozkoMrkvicka
Mentor

Good point for RFE ... customers don't want to spend 30 minutes searching in logs ... They want to see statistics for interface flapping in one click.

As all flaps are logged in /var/log/messages/ it cannot be such a deal to transfer it to some command (show interface <NAME> link-status) or WebUI.

Kind regards,
Jozko Mrkvicka


17 Replies
G_W_Albrecht
Legend

There is much information available for interface states in the Cluster Logs. Without Clustering, SysLog contains it or SNMP can be used - but both do not show in CP GUI.

CCSE CCTE CCSM SMB Specialist
0 Kudos
TAEKBOM_Kim
Contributor

Cluster logs in CP GUI??

Could you let me know where the cluster logs path is?

thank you.

0 Kudos
G_W_Albrecht
Legend

In Dashboard, the logs can be viewed. In old times, it was SmartView Tracker and to see cluster logs:

- Go to the right-most column "Information"
- Right click on the name of the column
- Click on "Edit filter"
- Under "Specific" choose "Contains"
- In "Text" type the word "cluster_info" (do not check any boxes)
- Click on "OK"

You can start it for R80.10 as C:\Program Files (x86)\CheckPoint\SmartConsole\R80.10\PROGRAM\CPlgv.exe

CCSE CCTE CCSM SMB Specialist
0 Kudos
TAEKBOM_Kim
Contributor

It does not work....

I think it supports only the clustering configuration.

Thank you for your advice.

0 Kudos
G_W_Albrecht
Legend

Yes, that was what I wrote - but as a single GW is not the best security solution (to put it mildly), clustering is very common.

CCSE CCTE CCSM SMB Specialist
0 Kudos
TAEKBOM_Kim
Contributor

Okay! I will consider it. 

Thank you for your advice.

0 Kudos
PhoneBoy
Admin

Gaia WebUI?

0 Kudos
TAEKBOM_Kim
Contributor

Hi~ Dameon Welch Abernathy.

Our client wants to know history of interface down log in GUI.

Example.

1) Interface Operation Failure enable

2) Filter => time=between(20180817000000-20180817235959) description=contains(eth1)

It is a feature provided by most firewalls.

It is useful information for fault analysis.

But Check Point does not support it.... ㅠ.ㅠ

_Val_
Admin

There are several options to look for such information:

1. /var/log/messages file on the appliance, look for interface related info. Mind the logs are rotated, so you might need some scripting to keep the history record of required depth. 

2. SNMP Monitoring. If you are using external SNMP monitoring system, you can create required reports there.
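One way to do the scripting mentioned in option 1 above, as an added example that is not part of the original thread and not Check Point code. It assumes link changes appear in /var/log/messages as kernel lines containing "NIC Link is Up" or "NIC Link is Down"; the function names, the interface-name pattern and the sample lines are constructed for illustration.

```shell
#!/bin/bash
# Added example: assumes link changes reach /var/log/messages as kernel lines
# containing "NIC Link is Up" / "NIC Link is Down"; adjust the pattern if not.

# Constructed sample input (not taken from a real gateway).
sample_messages() {
cat <<'EOF'
Aug 17 03:12:45 fw1 kernel: igb: eth1 NIC Link is Down
Aug 17 03:12:49 fw1 kernel: igb: eth1 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: RX/TX
Aug 17 09:30:02 fw1 ntpd[2211]: synchronized to 192.0.2.1, stratum 2
Aug 17 11:05:10 fw1 kernel: e1000: eth2: e1000_watchdog_task: NIC Link is Down
Aug 17 14:41:33 fw1 kernel: igb: eth1 NIC Link is Down
EOF
}

# link_history [FILE...]: one line per link event, "Mon DD HH:MM:SS iface STATE".
link_history() {
    awk '/NIC Link is (Up|Down)/ {
        state = ($0 ~ /NIC Link is Down/) ? "DOWN" : "UP"
        iface = "?"
        # First token after the hostname that looks like an interface name.
        for (i = 5; i <= NF; i++) {
            tok = $i; sub(/:$/, "", tok)
            if (tok ~ /^(eth|bond|Mgmt|Sync)[0-9A-Za-z_.-]*$/) { iface = tok; break }
        }
        print $1, $2, $3, iface, state
    }' "$@"
}

# link_down_count [FILE...]: "iface count" of DOWN events, sorted by name.
link_down_count() {
    link_history "$@" |
        awk '$5 == "DOWN" { n[$4]++ } END { for (i in n) print i, n[i] }' | sort
}

# archive_link_history HISTFILE FILE...: append only events not yet recorded,
# so the history outlives log rotation and repeated runs add no duplicates.
archive_link_history() {
    hist=$1; shift
    touch "$hist"
    new=$(link_history "$@" | grep -vxFf "$hist" || true)
    if [ -n "$new" ]; then printf '%s\n' "$new" >> "$hist"; fi
}

sample_messages | link_history    # demo on the constructed lines
```

Run periodically on the gateway, for example `archive_link_history /home/admin/link_history.log /var/log/messages*` (the history path is hypothetical). Syslog timestamps carry no year, so identical events exactly a year apart collapse into one entry.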

PhoneBoy
Admin

The information can be uncovered, just not in the WebUI.

In R80.20, we are simplifying/adding some information into our CLI commands specifically related to clustering, but I'm not sure we are adding this information into the WebUI.

In any case, it's useful feedback and something to be considered for later releases.

0 Kudos
JozkoMrkvicka
Mentor

Good point for RFE ... customers don't want to spend 30 minutes searching in logs ... They want to see statistics for interface flapping in one click.

As all flaps are logged in /var/log/messages/ it cannot be such a deal to transfer it to some command (show interface <NAME> link-status) or WebUI.

Kind regards,
Jozko Mrkvicka
G_W_Albrecht
Legend

This is also sent as SysLog afaik...

CCSE CCTE CCSM SMB Specialist
0 Kudos
_Val_
Admin

RFE point taken, but I am pretty sure this will not make it very high on the priority list.

You can also easily script it without asking Check Point R&D to do it for you. It is a three line script, right? 🙂

0 Kudos
G_W_Albrecht
Legend

Are you really sure that RFE is the correct answer to your question? I would mark the comment from Valeri Loukine as the correct answer - requesting a new feature does not provide any immediate help! And yes, SysLog is a poor man's solution here, SNMP is the standard...

CCSE CCTE CCSM SMB Specialist
0 Kudos
_Val_
Admin

Günther W. Albrecht, it is okay if the topic starter likes the other comment better. I am okay with that as long as we provide guidance for finding a solution.

0 Kudos
G_W_Albrecht
Legend

Yes, it is o.k. with me, too - still I personally think that the mark is "correct answer" not "comment liked best", but everyone as he likes...

CCSE CCTE CCSM SMB Specialist
JozkoMrkvicka
Mentor

What is the severity and facility of those messages related to interface down? Isn't it just "notice"?

Kind regards,
Jozko Mrkvicka
0 Kudos
