- Products
- Learn
- Local User Groups
- Partners
- More
Are you a member of CheckMates?
×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Troubleshooting Logs - A list of Resources - Training, SKs and Commands
Please share your favourites or suggestions. 👨🔧 👩🔧
Training:
https://training-certifications.checkpoint.com/ <-- See CCTA course. Highly recommended.
SecureKnowledge Articles:
Connectivity problems between the Security Gateway and the Log Server
https://support.checkpoint.com/results/sk/sk98317
Troubleshooting Check Point logging issues when Security Management Server / Log Server is not receiving logs from Security Gateway
https://support.checkpoint.com/results/sk/sk40090
Basic workflow for Logging issues troubleshooting
https://support.checkpoint.com/results/sk/sk38848
Best Practices - Configuration of logging from Security Gateway to Security Management Server / Log Server
https://support.checkpoint.com/results/sk/sk98126
Security gateway logging issues
https://support.checkpoint.com/results/sk/sk112162
Connectivity problems between the Security Gateway and the Log Server
https://support.checkpoint.com/results/sk/sk98317
Logging behavior of the Security Gateway
https://support.checkpoint.com/results/sk/sk41437
Smart-1 Appliances Logging Capacity Performance
https://support.checkpoint.com/results/sk/sk112797
ATRG: SmartLog
https://support.checkpoint.com/results/sk/sk92769
'The system doesn't meet the minimal hardware requirements for SmartLog' error when opening SmartLog GUI
https://support.checkpoint.com/results/sk/sk77420
How to clean up disk space on a Security Gateway or Security Management Server
https://support.checkpoint.com/results/sk/sk63361
Unable to see log files in the SmartConsole Logs view - Platform VMWare ESX
https://support.checkpoint.com/results/sk/sk182574
"No items found" error in SmartConsole when you are unable to open log files in non-indexed mode
https://support.checkpoint.com/results/sk/sk177164
Useful Commands:
Health Check Point Local Logging report
hcp -r "Local Logging"
List all logs stored locally
fw lslogs
Monitor log file growth
watch -d "ls -l $FWDIR/log/fw.log"
Check disk space
df -h /var/log
Capture log traffic
cppcap -i eth1 -p 100 -f "host <LOGSERVER_IP_ADDRESS> and tcp port 257"
Check for established log connections on the gateway (also try tnp and ltnp)
ss -tn dport = :257
Check if fwd is listening on port 257 on the Log server
netstat -ltnp | grep ':257'
Check which gateways are connected to the Log server on port 257
netstat -nap | grep ':257'
Switch active log file
fw logswitch
Fetch switched log files from a gateway to the Log server (Warning: Can take time and bandwidth)
fw fetchlogs <SmartConsole gateway name>
Check if fwd is running
cpwd_admin list
cpwd_admin list | awk 'NR==1 || $1=="FWD"'
Restart the Log server services associated with Logging and SmartEvent:
evstop ; evstart
# Monitor log handling on the Log server
cpview > Advanced > Logging > (Log-Rate | Indexer-Rates | Exporter-Rates)
# Monitor log handling on the gateway
cpview > Advanced > Logging > (Log-Rate | Worker-Statistics)
| User | Count |
|---|---|
| 54 | |
| 41 | |
| 15 | |
| 14 | |
| 12 | |
| 11 | |
| 11 | |
| 11 | |
| 10 | |
| 8 |
Thu 19 Feb 2026 @ 03:00 PM (EST)
Americas Deep Dive: Check Point Management API Best PracticesTue 24 Feb 2026 @ 11:00 AM (EST)
Under The Hood: CloudGuard Network Security for Azure Virtual WANThu 19 Feb 2026 @ 03:00 PM (EST)
Americas Deep Dive: Check Point Management API Best PracticesTue 24 Feb 2026 @ 11:00 AM (EST)
Under The Hood: CloudGuard Network Security for Azure Virtual WAN