This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Maarten_Lutterm
Contributor
‎2018-05-28 02:58 AM
Jump to solution

No logging in Logging and Monitor tab

Hi, 

I have installed a new log-server with R80.10 and smartevent and correlation unit on it.

We are running a management HA. Added the log server to the management. SIC is working everything looks fine. Log server is receiving logs (check with Smartview Tracker). But if we use SmartConsole and go to the TAB Logging & Monitoring we get an error: 

I followed serveral SK's (40090 and 121054) Also created an SR with TAC. We tried several things Check Point asked. Clear the indexer cache files, restarted, etc.. unfortunately without succes. We just uploaded the output of a script provided by Check Point.

Is there anyone who has an idea of what this can be? 

Thx in advance!

Best Regards,

Maarten Lutterman

1 Solution

Accepted Solutions
Maarten_Lutterm
Contributor
‎2018-11-29 03:56 AM
In response to Maximilian_Schr
Jump to solution

Hi Maximilian,

The problem described above was fixed by enabling log & monitor on the management and not only on the log server.

It adds the log server to a specific file that it's allowed to read the log from the log server and that it's assigned as a log server.

Best Regards,

Maarten

View solution in original post

10 Replies
Sven_Glock
Advisor
‎2018-05-28 06:27 AM
Jump to solution

Possibly this is too much basic, but it is sometimes helpful: Have you already tried "Install database"?

0 Kudos
Maarten_Lutterm
Contributor
‎2018-05-28 07:54 AM
In response to Sven_Glock
Jump to solution

Yes, already did that

Maarten_Lutterm
Contributor
‎2018-05-28 07:55 AM
Jump to solution

Just got off with CP TAC and the final conclusion is to re-install the logserver.

XavierBens
MVP Silver CHKP MVP Silver CHKP
MVP Silver CHKP
‎2018-05-28 08:04 AM
In response to Maarten_Lutterm
Jump to solution

Oh Smiley Sad keep us updated if the re-installation fixed your issue

Cybersecurity Evangelist, CISSP, CCSP, CCSM Elite
0 Kudos
Maarten_Lutterm
Contributor
‎2018-05-29 01:47 PM
Jump to solution

Unfortunately the Re-installation did not fix the issue apparently the error is on the management and not on the log server. 

If we do a debug of RFL we see the following appear the moment we refresh in SmartConsole:

2018-05-29 19:47:03,364 ERROR [pool-1-thread-7] com.checkpoint.rfl.solr.monitoring.ServerConnectivityTask.printPingErrorMessage:28 - ping failed for server. ObjID: [ab6c901d-b6c2-420b-b723-157aad7dec86^], IP Address: [X.X.X.X], Port: [8211], Local IP: [false], Connecting IP Address: [X.X.X.X], Enable SSL: [true], Enable Remote SSL: [true], SmartEvent: [false], Primary Management: [false]
org.apache.solr.client.solrj.impl.HttpSolrServer$RemoteSolrException: Expected mime type application/octet-stream but got text/html. ^html^
^head^
^meta http-equiv=^Content-Type^ content=^text/html^charset=ISO-8859-1^/^
^title^Error 403 Forbidden^/title^
^/head^
^body^
^h2^HTTP ERROR: 403^/h2^
^p^Problem accessing /solr/template/admin/ping. Reason:
^pre^ Forbidden^/pre^^/p^
^hr /^^i^^small^Powered by Jetty://^/small^^/i^

Has anyone got a clue what this can be? i'm pretty much out of options. restarted the RFLserver and cleared the FetchedFiles and the directory CpmiLocal... all without succes. TAC is still investigating. 

Let me know!

0 Kudos
_Jelle
Collaborator
Collaborator
‎2018-05-30 07:24 AM
Jump to solution

Hi,

I would like to add that for this problem (for who i am the case owner right now), i just had a chat with support that mentioned the following script:

/opt/CPrt-R80/scripts/doctor-log.sh

Run this script and it analyzes and collects all the information needed for support to analyze possible logging issues. You can find the collected logs in the directory /tmp/sme-diag/results.

Gives you really a great bunch of information.

Kind regards,

Jelle

Maximilian_Schr
Explorer
‎2018-11-29 12:21 AM
Jump to solution

Hello Maarten,

 

I have the same issue since I have installed the upgrade to R80.10.

Have you found a solution for the problem ?

Would be great if you can give me any hints.

 

Kind regards,

 

Max

0 Kudos
Maarten_Lutterm
Contributor
‎2018-11-29 03:56 AM
In response to Maximilian_Schr
Jump to solution

Hi Maximilian,

The problem described above was fixed by enabling log & monitor on the management and not only on the log server.

It adds the log server to a specific file that it's allowed to read the log from the log server and that it's assigned as a log server.

Best Regards,

Maarten

Maximilian_Schr
Explorer
‎2018-11-29 04:16 AM
In response to Maarten_Lutterm
Jump to solution

Hi Maarten,

thank you a lot. Works as expected now.

Best regards,

Max

Ankur_Datta
Collaborator
‎2019-03-19 03:29 AM
In response to Maarten_Lutterm
Jump to solution

Hi Maarten,

 

Can you please let me know where you enabled log & monitor on management.

 

We are able to see logs on CLM but customer want to use one smart console to manage both security policies and view latest logs. In one of enviorment, through CMA  we can see the logs even the target log server is defined as CLM in firewall object.

 

 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events