Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Contributor

How to check interfaces operation failure(down) log with GUI

Jump to solution

Hi~ All.
Our customer wants to know how to check interfaces operation failure(down) log with GUI.
Most of firewalls(Palo Alto, Fortigate, SECUI...etc) can check operation failure(down) log with GUI.

But check point can't do it...

Am I missing something?

Is there anyone knows how to check interfaces operation failure(down) log with GUI.


Our customer has got a 15600-gateway. (Version R80.10)

1 Solution

Accepted Solutions
Highlighted

Good point for RFE ... customers dont want to spend 30 minutes searching in logs ... They want to see statistics for interface flapping in one click. 

As all flaps are logged in /var/log/messages/ it cannot be such a deal to transfer it to some command (show interface <NAME> link-status) or WebUI.

Kind regards,
Jozko Mrkvicka

View solution in original post

17 Replies
Highlighted
Champion
Champion

There is much information available for interface states in the Cluster Logs. Without Clustering, SysLog contains it or SNMP can be used - but both do not show in CP GUI.

0 Kudos
Reply
Highlighted
Contributor

Cluster logs in CP GUI??

Could you let me know where is the Cluster logs pasth?

thank you.

0 Kudos
Reply
Highlighted
Champion
Champion

In Dashboard, the logs can be viewed. In old times, it was SmartView Tracker and to see cluster logs:

- #Go to the right-most column "Information"

- #Right click on the name of the column

- #Click on "Edit filter"

- #Under "Specific" choose "Contains"

- #In "Text" type the word "cluster_info" (do not check any boxes)

- #Click on "OK"

You can start it for R80.10 as C:\Program Files (x86)\CheckPoint\SmartConsole\R80.10\PROGRAM\CPlgv.exe

0 Kudos
Reply
Highlighted
Contributor

It does not work....

I think it supoorts only the clustering configuration.

Thank you for your advice.

0 Kudos
Reply
Highlighted
Champion
Champion

Yes, that was what i wrote - but as a single GW is not the best security solution (to put it mildly), clustering is very common.

0 Kudos
Reply
Highlighted
Contributor

Okay! I will consider it. 

Thank you for your advice.

0 Kudos
Reply
Highlighted
Admin
Admin

Gaia WebUI?

0 Kudos
Reply
Highlighted
Contributor

Hi~ Dameon Welch Abernathy.

Our client wants to know history of interface down log in GUI.

Example.

1) Interface Operation Failure enable

2) Filter => time=between(20180817000000-20180817235959) description=contains(eth1)

It is a feature provided by most firewalls.

It is useful information for fault analysis.

But Check Point is not support.... ㅠ.ㅠ

Highlighted
Admin
Admin

There are several options to look for such information:

1. /var/log/messages file on the appliance, look for interface related info. Mind the logs are rotated, so you might need some scripting to keep the history record of required depth. 

2. SNMP Monitoring. If you are using external SNMP monitoring system, you can create required reports there.

Highlighted
Admin
Admin

The information can be uncovered, just not in the WebUI.

In R80.20, we are simplifying/adding some information into our CLI commands specifically related to clustering, but I'm not sure we are adding this information into the WebUI.

In any case, it's useful feedback and something to be considered for later releases.

0 Kudos
Reply
Highlighted

Good point for RFE ... customers dont want to spend 30 minutes searching in logs ... They want to see statistics for interface flapping in one click. 

As all flaps are logged in /var/log/messages/ it cannot be such a deal to transfer it to some command (show interface <NAME> link-status) or WebUI.

Kind regards,
Jozko Mrkvicka

View solution in original post

Highlighted
Champion
Champion

This is also sent as SysLog afaik...

0 Kudos
Reply
Highlighted
Admin
Admin

RFE point taken, but I am pretty sure this will not make it very high on the priority list.

You can also easily script it without asking Check Point R&D to do it for you. It is a three line script, right? 🙂

0 Kudos
Reply
Highlighted
Champion
Champion

Are you really shure that RFE is the correct answer to your question ? I would mark the comment from Valeri Loukine as the correct answer - requesting a new feature does not provide any immediate help ! And yes, SysLog is a poor mans solution here, SNMP is the standard...

0 Kudos
Reply
Highlighted
Admin
Admin

Günther W. Albrecht‌, it is okay if the topic starter like the other comment better. I am okay with that as long as we provide guidance for finding a solution

0 Kudos
Reply
Highlighted
Champion
Champion

Yes, it is o.k. with me, too - still i personally think that the mark is "correct answer" not "comment liked best", but everyone as he likes...

Highlighted

What is severity and facility of those messages related to interface down ? Isnt it just "notice" ?

Kind regards,
Jozko Mrkvicka
0 Kudos
Reply