Re: upgrade from R80.20 to R80.30 Log server don't...

Rene_Rolsted · ‎2019-11-17

We have upgraded our management server to R80.30 and we have no problem.

We have upgraded our Log server and this works fine.
We log to Rapid7 and when we running R80.20 everything works great and we send logs to Rapid7

But we have some errors in R80.30 and we don't send log to Rapid7 now.

I use this guide:

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

I make this command

cp_log_export add name Rapid7_new target-server 10.1.81.48 target-port 5149 protocol udp format syslog

[Expert@fwmp05b1:0]# cp_log_export restart name Rapid7_new
Stopping log_exporter for: Rapid7_new
cpwd_admin:
Process EXPORTER.Rapid7_new (pid=24955) stopped with command "kill 24955". Exit code 0.
Starting log_exporter for: Rapid7_new
cpwd_admin:
Process EXPORTER.Rapid7_new started successfully (pid=22531)

[Expert@fwmp05b1:0]# cp_log_export status

name: Rapid7_new
status: Running (22531)
last log read at: N/A
debug file: /opt/CPrt-R80.30/log_exporter/targets/Rapid7_new/log/log_indexer.elg

I get those errors when er read the .elg files
[Expert@fwmp05b1:0]# more /opt/CPrt-R80.30/log_exporter/targets/Rapid7_new/log/log_indexer.elg

[18 Nov 8:46:49] pfopen: failed to open /opt/CPsuite-R80.30/fw1/log/2019-11-01_204407_136.log
[18 Nov 8:46:49] CBinaryFile::Open: failed to open file (/opt/CPsuite-R80.30/fw1/log/2019-11-01_204407_136.log) for reading
[18 Nov 8:46:49] CBinaryFile::Open: exit status false
[18 Nov 8:46:49] CMappedBinaryFile::error opening file /opt/CPsuite-R80.30/fw1/log/2019-11-01_204407_136.log
[18 Nov 8:46:49] CLogFile::Open2: error: open (/opt/CPsuite-R80.30/fw1/log/2019-11-01_204407_136.log) for reading failed
[log_indexer 22531 4063230784]@fwmp05b1[18 Nov 8:46:49] CpLogReader::Open: failed to open /opt/CPsuite-R80.30/fw1/log/2019-11-01_204407_136.log

[18 Nov 8:46:49] pfopen: failed to open /opt/CPsuite-R80.30/fw1/log/2019-11-01_235900.log
[18 Nov 8:46:49] CBinaryFile::Open: failed to open file (/opt/CPsuite-R80.30/fw1/log/2019-11-01_235900.log) for reading
[18 Nov 8:46:49] CBinaryFile::Open: exit status false
[18 Nov 8:46:49] CMappedBinaryFile::error opening file /opt/CPsuite-R80.30/fw1/log/2019-11-01_235900.log
[18 Nov 8:46:49] CLogFile::Open2: error: open (/opt/CPsuite-R80.30/fw1/log/2019-11-01_235900.log) for reading failed
[log_indexer 22531 4063230784]@fwmp05b1[18 Nov 8:46:49] CpLogReader::Open: failed to open /opt/CPsuite-R80.30/fw1/log/2019-11-01_235900.log

[18 Nov 8:46:49] pfopen: failed to open /opt/CPsuite-R80.30/fw1/log/2019-11-02_000000.log
[18 Nov 8:46:49] CBinaryFile::Open: failed to open file (/opt/CPsuite-R80.30/fw1/log/2019-11-02_000000.log) for reading
[18 Nov 8:46:49] CBinaryFile::Open: exit status false
[18 Nov 8:46:49] CMappedBinaryFile::error opening file /opt/CPsuite-R80.30/fw1/log/2019-11-02_000000.log
[18 Nov 8:46:49] CLogFile::Open2: error: open (/opt/CPsuite-R80.30/fw1/log/2019-11-02_000000.log) for reading failed
[log_indexer 22531 4063230784]@fwmp05b1[18 Nov 8:46:49] CpLogReader::Open: failed to open /opt/CPsuite-R80.30/fw1/log/2019-11-02_000000.log

[18 Nov 8:46:49] pfopen: failed to open /opt/CPsuite-R80.30/fw1/log/2019-11-02_120246_137.log
[18 Nov 8:46:49] CBinaryFile::Open: failed to open file (/opt/CPsuite-R80.30/fw1/log/2019-11-02_120246_137.log) for reading
[18 Nov 8:46:49] CBinaryFile::Open: exit status false
[18 Nov 8:46:49] CMappedBinaryFile::error opening file /opt/CPsuite-R80.30/fw1/log/2019-11-02_120246_137.log
[18 Nov 8:46:49] CLogFile::Open2: error: open (/opt/CPsuite-R80.30/fw1/log/2019-11-02_120246_137.log) for reading failed
[log_indexer 22531 4063230784]@fwmp05b1[18 Nov 8:46:49] CpLogReader::Open: failed to open /opt/CPsuite-R80.30/fw1/log/2019-11-02_120246_137.log

[18 Nov 8:46:49] pfopen: failed to open /opt/CPsuite-R80.30/fw1/log/2019-11-02_235900.log
[18 Nov 8:46:49] CBinaryFile::Open: failed to open file (/opt/CPsuite-R80.30/fw1/log/2019-11-02_235900.log) for reading
[18 Nov 8:46:49] CBinaryFile::Open: exit status false
[18 Nov 8:46:49] CMappedBinaryFile::error opening file /opt/CPsuite-R80.30/fw1/log/2019-11-02_235900.log
[18 Nov 8:46:49] CLogFile::Open2: error: open (/opt/CPsuite-R80.30/fw1/log/2019-11-02_235900.log) for reading failed
[log_indexer 22531 4063230784]@fwmp05b1[18 Nov 8:46:49] CpLogReader::Open: failed to open /opt/CPsuite-R80.30/fw1/log/2019-11-02_235900.log

[18 Nov 8:46:49] pfopen: failed to open /opt/CPsuite-R80.30/fw1/log/2019-11-03_000000.log
[18 Nov 8:46:49] CBinaryFile::Open: failed to open file (/opt/CPsuite-R80.30/fw1/log/2019-11-03_000000.log) for reading
[18 Nov 8:46:49] CBinaryFile::Open: exit status false
[18 Nov 8:46:49] CMappedBinaryFile::error opening file /opt/CPsuite-R80.30/fw1/log/2019-11-03_000000.log
[18 Nov 8:46:49] CLogFile::Open2: error: open (/opt/CPsuite-R80.30/fw1/log/2019-11-03_000000.log) for reading failed
[log_indexer 22531 4063230784]@fwmp05b1[18 Nov 8:46:49] CpLogReader::Open: failed to open /opt/CPsuite-R80.30/fw1/log/2019-11-03_000000.log

[log_indexer 22531 4063230784]@fwmp05b1[18 Nov 8:46:49] LogFetcher::CreateSessions - 127.0.0.1:fw.log [1574031600]

[log_indexer 22531 4063230784]@fwmp05b1[18 Nov 8:46:49] 127.0.0.1:fw.log [1574031600] create session for [15945957-4294967295]

[log_indexer 22531 4063230784]@fwmp05b1[18 Nov 8:46:49] LogFetcher::CreateSessions - 127.0.0.1:2019-11-14_105325_5.log [1573686000]

[log_indexer 22531 4063230784]@fwmp05b1[18 Nov 8:46:49] 127.0.0.1:2019-11-14_105325_5.log [1573686000] Too old - skipping

[log_indexer 22531 4063230784]@fwmp05b1[18 Nov 8:46:49] LogFetcher::CreateSessions - 127.0.0.1:2019-11-14_000000.log [1573685940]

[log_indexer 22531 4063230784]@fwmp05b1[18 Nov 8:46:49] 127.0.0.1:2019-11-14_000000.log [1573685940] Too old - skipping

[log_indexer 22531 4063230784]@fwmp05b1[18 Nov 8:46:49] LogFetcher::CreateSessions - 127.0.0.1:2019-11-13_235900.log [1573667904]

[log_indexer 22531 4063230784]@fwmp05b1[18 Nov 8:46:49] 127.0.0.1:2019-11-13_235900.log [1573667904] Too old - skipping

[log_indexer 22531 4063230784]@fwmp05b1[18 Nov 8:46:49] LogFetcher::CreateSessions - 127.0.0.1:2019-11-13_185824_4.log [1573637844]

[log_indexer 22531 4063230784]@fwmp05b1[18 Nov 8:46:49] 127.0.0.1:2019-11-13_185824_4.log [1573637844] Too old - skipping

[log_indexer 22531 4063230784]@fwmp05b1[18 Nov 8:46:49] LogFetcher::CreateSessions - 127.0.0.1:2019-11-13_103724_3.log [1573599600]

[log_indexer 22531 4063230784]@fwmp05b1[18 Nov 8:46:49] 127.0.0.1:2019-11-13_103724_3.log [1573599600] Too old - skipping

[log_indexer 22531 4063230784]@fwmp05b1[18 Nov 8:46:49] LogFetcher::CreateSessions - 127.0.0.1:2019-11-13_000000.log [1573599540]

[log_indexer 22531 4063230784]@fwmp05b1[18 Nov 8:46:49] 127.0.0.1:2019-11-13_000000.log [1573599540] Too old - skipping

[log_indexer 22531 4063230784]@fwmp05b1[18 Nov 8:46:49] LogFetcher::CreateSessions - 127.0.0.1:2019-11-12_235900.log [1573586634]

[log_indexer 22531 4063230784]@fwmp05b1[18 Nov 8:46:49] 127.0.0.1:2019-11-12_235900.log [1573586634] Too old - skipping

[log_indexer 22531 4063230784]@fwmp05b1[18 Nov 8:46:49] LogFetcher::CreateSessions - 127.0.0.1:2019-11-12_202353_2.log [1573554853]

[log_indexer 22531 4063230784]@fwmp05b1[18 Nov 8:46:49] 127.0.0.1:2019-11-12_202353_2.log [1573554853] Too old - skipping

[log_indexer 22531 4063230784]@fwmp05b1[18 Nov 8:46:49] LogFetcher::CreateSessions - 127.0.0.1:2019-11-12_113412_1.log [1573513200]

[log_indexer 22531 4063230784]@fwmp05b1[18 Nov 8:46:49] 127.0.0.1:2019-11-12_113412_1.log [1573513200] Too old - skipping

[log_indexer 22531 4063230784]@fwmp05b1[18 Nov 8:46:49] LogFetcher::CreateSessions - 127.0.0.1:2019-11-12_000000.log [1573513140]

[log_indexer 22531 4063230784]@fwmp05b1[18 Nov 8:46:49] 127.0.0.1:2019-11-12_000000.log [1573513140] Too old - skipping

[log_indexer 22531 4063230784]@fwmp05b1[18 Nov 8:46:49] LogFetcher::CreateSessions - 127.0.0.1:2019-11-11_235900.log [1573489314]

[log_indexer 22531 4063230784]@fwmp05b1[18 Nov 8:46:49] 127.0.0.1:2019-11-11_235900.log [1573489314] Too old - skipping

[log_indexer 22531 4063230784]@fwmp05b1[18 Nov 8:46:49] LogFetcher::CreateSessions - 127.0.0.1:2019-11-11_172154_5.log [1573469158]

[log_indexer 22531 4063230784]@fwmp05b1[18 Nov 8:46:49] 127.0.0.1:2019-11-11_172154_5.log [1573469158] Too old - skipping

[log_indexer 22531 4063230784]@fwmp05b1[18 Nov 8:46:49] LogFetcher::CreateSessions - 127.0.0.1:2019-11-11_114557_4.log [1573426800]

[log_indexer 22531 4063230784]@fwmp05b1[18 Nov 8:46:49] 127.0.0.1:2019-11-11_114557_4.log [1573426800] Too old - skipping

[log_indexer 22531 4063230784]@fwmp05b1[18 Nov 8:46:49] LogFetcher::CreateSessions - 127.0.0.1:2019-11-11_000000.log [1573426740]

[log_indexer 22531 4063230784]@fwmp05b1[18 Nov 8:46:49] 127.0.0.1:2019-11-11_000000.log [1573426740] Too old - skipping

[log_indexer 22531 4063230784]@fwmp05b1[18 Nov 8:46:49] LogFetcher::CreateSessions - 127.0.0.1:2019-11-10_235900.log [1573392274]

[log_indexer 22531 4063230784]@fwmp05b1[18 Nov 8:46:49] 127.0.0.1:2019-11-10_235900.log [1573392274] Too old - skipping

[log_indexer 22531 4063230784]@fwmp05b1[18 Nov 8:46:49] LogFetcher::CreateSessions - 127.0.0.1:2019-11-10_142434_3.log [1573340400]

[log_indexer 22531 4063230784]@fwmp05b1[18 Nov 8:46:49] 127.0.0.1:2019-11-10_142434_3.log [1573340400] Too old - skipping

[log_indexer 22531 4063230784]@fwmp05b1[18 Nov 8:46:49] LogFetcher::CreateSessions - 127.0.0.1:2019-11-10_000000.log [1573340341]

[log_indexer 22531 4063230784]@fwmp05b1[18 Nov 8:46:49] 127.0.0.1:2019-11-10_000000.log [1573340341] Too old - skipping

[log_indexer 22531 4063230784]@fwmp05b1[18 Nov 8:46:49] LogFetcher::CreateSessions - 127.0.0.1:2019-11-09_235900.log [1573299121]

[log_indexer 22531 4063230784]@fwmp05b1[18 Nov 8:46:49] 127.0.0.1:2019-11-09_235900.log [1573299121] Too old - skipping

[log_indexer 22531 4063230784]@fwmp05b1[18 Nov 8:46:49] LogFetcher::CreateSessions - 127.0.0.1:2019-11-09_123200_2.log [1573254000]

[log_indexer 22531 4063230784]@fwmp05b1[18 Nov 8:46:49] 127.0.0.1:2019-11-09_123200_2.log [1573254000] Too old - skipping

[log_indexer 22531 4063230784]@fwmp05b1[18 Nov 8:46:49] LogFetcher::CreateSessions - 127.0.0.1:2019-11-09_000000.log [1573253940]

[log_indexer 22531 4063230784]@fwmp05b1[18 Nov 8:46:49] 127.0.0.1:2019-11-09_000000.log [1573253940] Too old - skipping

[log_indexer 22531 4063230784]@fwmp05b1[18 Nov 8:46:49] LogFetcher::CreateSessions - 127.0.0.1:2019-11-08_235900.log [1573232635]

[log_indexer 22531 4063230784]@fwmp05b1[18 Nov 8:46:49] 127.0.0.1:2019-11-08_235900.log [1573232635] Too old - skipping

[log_indexer 22531 4063230784]@fwmp05b1[18 Nov 8:46:49] LogFetcher::CreateSessions - 127.0.0.1:2019-11-08_180355_1.log [1573167600]

[log_indexer 22531 4063230784]@fwmp05b1[18 Nov 8:46:49] 127.0.0.1:2019-11-08_180355_1.log [1573167600] Too old - skipping

[log_indexer 22531 4063230784]@fwmp05b1[18 Nov 8:46:49] LogFetcher::CreateSessions - 127.0.0.1:2019-11-08_000000.log [1573167540]

[log_indexer 22531 4063230784]@fwmp05b1[18 Nov 8:46:49] 127.0.0.1:2019-11-08_000000.log [1573167540] Too old - skipping

[log_indexer 22531 4063230784]@fwmp05b1[18 Nov 8:46:49] LogFetcher::CreateSessions - 127.0.0.1:2019-11-07_235900.log [1573116154]

[log_indexer 22531 4063230784]@fwmp05b1[18 Nov 8:46:49] 127.0.0.1:2019-11-07_235900.log [1573116154] Too old - skipping

[log_indexer 22531 4063230784]@fwmp05b1[18 Nov 8:46:49] LogFetcher::CreateSessions - 127.0.0.1:2019-11-07_094234.log [1573115413]

[log_indexer 22531 4063230784]@fwmp05b1[18 Nov 8:46:49] 127.0.0.1:2019-11-07_094234.log [1573115413] Too old - skipping

[log_indexer 22531 4063230784]@fwmp05b1[18 Nov 8:46:49] LogFetcher::CreateSessions - 127.0.0.1:2019-11-07_093013_146.log [1573081201]

[log_indexer 22531 4063230784]@fwmp05b1[18 Nov 8:46:49] 127.0.0.1:2019-11-07_093013_146.log [1573081201] Too old - skipping

[log_indexer 22531 4063230784]@fwmp05b1[18 Nov 8:46:49] LogFetcher::CreateSessions - 127.0.0.1:2019-11-07_000000.log [1573081140]

[log_indexer 22531 4063230784]@fwmp05b1[18 Nov 8:46:49] 127.0.0.1:2019-11-07_000000.log [1573081140] Too old - skipping

[log_indexer 22531 4063230784]@fwmp05b1[18 Nov 8:46:49] LogFetcher::CreateSessions - 127.0.0.1:2019-11-06_235900.log [1573066644]

[log_indexer 22531 4063230784]@fwmp05b1[18 Nov 8:46:49] 127.0.0.1:2019-11-06_235900.log [1573066644] Too old - skipping

[log_indexer 22531 4063230784]@fwmp05b1[18 Nov 8:46:49] LogFetcher::CreateSessions - 127.0.0.1:2019-11-06_195724_145.log [1573034048]

[log_indexer 22531 4063230784]@fwmp05b1[18 Nov 8:46:49] 127.0.0.1:2019-11-06_195724_145.log [1573034048] Too old - skipping

[log_indexer 22531 4063230784]@fwmp05b1[18 Nov 8:46:49] LogFetcher::CreateSessions - 127.0.0.1:2019-11-06_105407_144.log [1572994800]

[log_indexer 22531 4063230784]@fwmp05b1[18 Nov 8:46:49] 127.0.0.1:2019-11-06_105407_144.log [1572994800] Too old - skipping

[log_indexer 22531 4063230784]@fwmp05b1[18 Nov 8:46:49] LogFetcher::CreateSessions - 127.0.0.1:2019-11-06_000000.log [1572994741]

[log_indexer 22531 4063230784]@fwmp05b1[18 Nov 8:46:49] 127.0.0.1:2019-11-06_000000.log [1572994741] Too old - skipping

[log_indexer 22531 4063230784]@fwmp05b1[18 Nov 8:46:49] LogFetcher::CreateSessions - 127.0.0.1:2019-11-05_235900.log [1572978346]

[log_indexer 22531 4063230784]@fwmp05b1[18 Nov 8:46:49] 127.0.0.1:2019-11-05_235900.log [1572978346] Too old - skipping

[log_indexer 22531 4063230784]@fwmp05b1[18 Nov 8:46:49] LogFetcher::CreateSessions - 127.0.0.1:2019-11-05_192546_143.log [1572947023]

[log_indexer 22531 4063230784]@fwmp05b1[18 Nov 8:46:49] 127.0.0.1:2019-11-05_192546_143.log [1572947023] Too old - skipping

[log_indexer 22531 4063230784]@fwmp05b1[18 Nov 8:46:49] LogFetcher::CreateSessions - 127.0.0.1:2019-11-05_104342_142.log [1572908400]

[log_indexer 22531 4063230784]@fwmp05b1[18 Nov 8:46:49] 127.0.0.1:2019-11-05_104342_142.log [1572908400] Too old - skipping

[log_indexer 22531 4063230784]@fwmp05b1[18 Nov 8:46:49] LogFetcher::CreateSessions - 127.0.0.1:2019-11-05_000000.log [1572908341]

[log_indexer 22531 4063230784]@fwmp05b1[18 Nov 8:46:49] 127.0.0.1:2019-11-05_000000.log [1572908341] Too old - skipping

[log_indexer 22531 4063230784]@fwmp05b1[18 Nov 8:46:49] LogFetcher::CreateSessions - 127.0.0.1:2019-11-04_235900.log [1572905198]

[log_indexer 22531 4063230784]@fwmp05b1[18 Nov 8:46:49] 127.0.0.1:2019-11-04_235900.log [1572905198] Too old - skipping

[log_indexer 22531 4063230784]@fwmp05b1[18 Nov 8:46:49] LogFetcher::CreateSessions - 127.0.0.1:2019-11-04_230638_141.log [1572872640]

[log_indexer 22531 4063230784]@fwmp05b1[18 Nov 8:46:49] 127.0.0.1:2019-11-04_230638_141.log [1572872640] Too old - skipping

[log_indexer 22531 4063230784]@fwmp05b1[18 Nov 8:46:49] LogFetcher::CreateSessions - 127.0.0.1:2019-11-04_140359_140.log [1572849950]

[log_indexer 22531 4063230784]@fwmp05b1[18 Nov 8:46:49] 127.0.0.1:2019-11-04_140359_140.log [1572849950] Too old - skipping

[log_indexer 22531 4063230784]@fwmp05b1[18 Nov 8:46:49] LogFetcher::CreateSessions - 127.0.0.1:2019-11-04_074550_139.log [1572822000]

[log_indexer 22531 4063230784]@fwmp05b1[18 Nov 8:46:49] 127.0.0.1:2019-11-04_074550_139.log [1572822000] Too old - skipping

[log_indexer 22531 4063230784]@fwmp05b1[18 Nov 8:46:49] LogFetcher::CreateSessions - 127.0.0.1:2019-11-04_000000.log [1572821941]

[log_indexer 22531 4063230784]@fwmp05b1[18 Nov 8:46:49] 127.0.0.1:2019-11-04_000000.log [1572821941] Too old - skipping

[log_indexer 22531 4063230784]@fwmp05b1[18 Nov 8:46:49] LogFetcher::CreateSessions - 127.0.0.1:2019-11-03_235900.log [1572783445]

[log_indexer 22531 4063230784]@fwmp05b1[18 Nov 8:46:49] 127.0.0.1:2019-11-03_235900.log [1572783445] Too old - skipping

[log_indexer 22531 4063230784]@fwmp05b1[18 Nov 8:46:49] LogFetcher::CreateSessions - 127.0.0.1:2019-11-03_131724_138.log [1572735600]

[log_indexer 22531 4063230784]@fwmp05b1[18 Nov 8:46:49] 127.0.0.1:2019-11-03_131724_138.log [1572735600] Too old - skipping

[log_indexer 22531 4107270976]@fwmp05b1[18 Nov 8:46:50] Read Log Format field name:['product']

[log_indexer 22531 4107270976]@fwmp05b1[18 Nov 8:46:50] Read Log Format field name:['__policy_id_tag']

[log_indexer 22531 4107270976]@fwmp05b1[18 Nov 8:46:50] Read Log Format field name:['inzone']

[log_indexer 22531 4107270976]@fwmp05b1[18 Nov 8:46:50] Read Log Format field name:['outzone']

[log_indexer 22531 4107270976]@fwmp05b1[18 Nov 8:46:50] Read Log Format field name:['src']

[log_indexer 22531 4107270976]@fwmp05b1[18 Nov 8:46:50] Read Log Format field name:['s_port']

[log_indexer 22531 4107270976]@fwmp05b1[18 Nov 8:46:50] Read Log Format field name:['dst']

[log_indexer 22531 4107270976]@fwmp05b1[18 Nov 8:46:50] Read Log Format field name:['service']

[log_indexer 22531 4107270976]@fwmp05b1[18 Nov 8:46:50] Read Log Format field name:['proto']

[log_indexer 22531 4107270976]@fwmp05b1[18 Nov 8:46:50] Read Log Format field name:['xlatesrc']

[log_indexer 22531 4107270976]@fwmp05b1[18 Nov 8:46:50] Read Log Format field name:['xlatedst']

[log_indexer 22531 4107270976]@fwmp05b1[18 Nov 8:46:50] Read Log Format field name:['xlatesport']

[log_indexer 22531 4107270976]@fwmp05b1[18 Nov 8:46:50] Read Log Format field name:['xlatedport']

[log_indexer 22531 4107270976]@fwmp05b1[18 Nov 8:46:50] Read Log Format field name:['nat_rulenum']

[log_indexer 22531 4107270976]@fwmp05b1[18 Nov 8:46:50] Read Log Format field name:['nat_addtnl_rulenum']

[log_indexer 22531 4107270976]@fwmp05b1[18 Nov 8:46:50] Read Log Format field name:['match_table']

[log_indexer 22531 4107270976]@fwmp05b1[18 Nov 8:46:50] markFieldIfItShouldBeAddToLogHeaderFormat: Mark as Header on position: 2 field:time

[log_indexer 22531 4107270976]@fwmp05b1[18 Nov 8:46:50] LogFormatExtractor::prepareFieldGetterForField nFieldType == eFtTable

[log_indexer 22531 4107270976]@fwmp05b1[18 Nov 8:46:50] LogFormatExtractor::prepareFieldGetterForField - Read fields format from table:match_table

[log_indexer 22531 4107270976]@fwmp05b1[18 Nov 8:46:50] ActionTranslator::GetActionString - error - failed to find action string for action number [25] returning empty action

[log_indexer 22531 4107270976]@fwmp05b1[18 Nov 8:46:51] ActionTranslator::GetActionString - error - failed to find action string for action number [25] returning empty action

[log_indexer 22531 4107270976]@fwmp05b1[18 Nov 8:46:51] ActionTranslator::GetActionString - error - failed to find action string for action number [24] returning empty action

[log_indexer 22531 4107270976]@fwmp05b1[18 Nov 8:46:51] ActionTranslator::GetActionString - error - failed to find action string for action number [25] returning empty action

[log_indexer 22531 4107270976]@fwmp05b1[18 Nov 8:46:51] ActionTranslator::GetActionString - error - failed to find action string for action number [24] returning empty action

[log_indexer 22531 4107270976]@fwmp05b1[18 Nov 8:46:51] ActionTranslator::GetActionString - error - failed to find action string for action number [25] returning empty action

[log_indexer 22531 4107270976]@fwmp05b1[18 Nov 8:46:52] ActionTranslator::GetActionString - error - failed to find action string for action number [25] returning empty action

[log_indexer 22531 4107270976]@fwmp05b1[18 Nov 8:46:52] ActionTranslator::GetActionString - error - failed to find action string for action number [24] returning empty action

[log_indexer 22531 4107270976]@fwmp05b1[18 Nov 8:46:52] ActionTranslator::GetActionString - error - failed to find action string for action number [25] returning empty action

[log_indexer 22531 4107270976]@fwmp05b1[18 Nov 8:46:52] ActionTranslator::GetActionString - error - failed to find action string for action number [24] returning empty action

[log_indexer 22531 4107270976]@fwmp05b1[18 Nov 8:46:53] ActionTranslator::GetActionString - error - failed to find action string for action number [25] returning empty action

[log_indexer 22531 4107270976]@fwmp05b1[18 Nov 8:46:53] ActionTranslator::GetActionString - error - failed to find action string for action number [25]

Some who know about this problem or have a solution?

Best regards
René Rolsted

Dror_Aharony · ‎2019-11-18

I see 2 possible issues in the .elg, but neither should result in no logs being exported at all.

Are you sure you don't see any exported logs on your SIEM now, ever since the upgrade of the Log-Server to R80.30?

Did you Install database on the upgraded Log-Server & run:

1. cp_log_export reconf

2. cp_log_export restart

Please copy the .elg again & this file's output here:

cat $EXPORTERDIR/targets/<exporter_name>/data/FetchedFiles

Rene_Rolsted · ‎2019-11-18

Hi

I Install Database and I don't see any logs in Rapid7

I run those 2 commands:

cp_log_export reconf

cp_log_export restart

This is my output - i try to make a new one, Rapid7_new - the old are Rapid7

[Expert@fwmp05b1:0]# cat /opt/CPrt-R80.30/log_exporter/targets/Rapid7_new/data/FetchedFiles
22 serialization::archive 15 0 0 0 0 23 1 0 1 3 1 0
0 9 127.0.0.1 23 2019-11-15_110248_7.log 1573772400 1 17164887 0 0 0 0 3
1 9 127.0.0.1 24 2019-11-16_000000.adtlog 1573772400 1 4 0 0 3
2 9 127.0.0.1 21 2019-11-15_000000.log 1573772340 1 20120 0 0 3
3 9 127.0.0.1 21 2019-11-14_235900.log 1573758680 1 4589089 0 0 3
4 9 127.0.0.1 23 2019-11-14_201119_6.log 1573725205 1 16977009 0 0 3
5 9 127.0.0.1 23 2019-11-15_215943_8.log 1573812168 1 17082709 0 0 3
6 9 127.0.0.1 21 2019-11-15_235900.log 1573851583 1 2246072 0 0 3
7 9 127.0.0.1 21 2019-11-16_000000.log 1573858740 1 18046 0 0 3
8 9 127.0.0.1 23 2019-11-16_121148_9.log 1573858800 1 16808856 0 0 3
9 9 127.0.0.1 24 2019-11-17_000000.adtlog 1573858800 1 4 0 0 3
10 9 127.0.0.1 21 2019-11-16_235900.log 1573902708 1 13172644 0 0 3
11 9 127.0.0.1 21 2019-11-17_000000.log 1573945140 1 17544 0 0 3
12 9 127.0.0.1 24 2019-11-17_140751_10.log 1573945200 1 16822434 0 0 3
13 9 127.0.0.1 24 2019-11-18_000000.adtlog 1573945200 1 4 0 0 3
14 9 127.0.0.1 21 2019-11-17_235900.log 1573996071 1 10152465 0 0 3
15 9 127.0.0.1 21 2019-11-18_000000.log 1574031540 1 17813 0 0 3
16 9 127.0.0.1 24 2019-11-18_090017_11.log 1574031600 1 16617765 0 0 3
17 9 127.0.0.1 24 2019-11-19_000000.adtlog 1574031600 1 4 0 0 3
18 9 127.0.0.1 24 2019-11-18_154513_12.log 1574064017 1 16618290 0 0 3
19 9 127.0.0.1 21 2019-11-18_235900.log 1574088313 1 10682349 0 0 3
20 9 127.0.0.1 21 2019-11-19_000000.log 1574117940 1 18853 0 0 3
21 9 127.0.0.1 6 fw.log 1574118000 0 4294967295 1 0 2 0 0 9385118 3
22 9 127.0.0.1 9 fw.adtlog 1574118000 0 4294967295 1 0 2 0 0 4
[Expert@fwmp05b1:0]#

[Expert@fwmp05b1:0]# cat /opt/CPrt-R80.30/log_exporter/targets/Rapid7/data/FetchedFiles
22 serialization::archive 15 0 0 0 0 38 1 0 1 3 1 0
0 9 127.0.0.1 23 2019-11-12_113412_1.log 1573513200 1 17174600 0 0 0 0 3
1 9 127.0.0.1 24 2019-11-13_000000.adtlog 1573513200 1 7 0 0 3
2 9 127.0.0.1 21 2019-11-12_000000.log 1573513140 1 17246 0 0 3
3 9 127.0.0.1 21 2019-11-11_235900.log 1573489314 1 9699330 0 0 3
4 9 127.0.0.1 23 2019-11-11_172154_5.log 1573469158 1 16295746 0 0 3
5 9 127.0.0.1 23 2019-11-12_202353_2.log 1573554853 1 16892346 0 0 3
6 9 127.0.0.1 21 2019-11-12_235900.log 1573586634 1 5574348 0 0 3
7 9 127.0.0.1 21 2019-11-13_000000.log 1573599540 1 21686 0 0 3
8 9 127.0.0.1 23 2019-11-13_103724_3.log 1573599600 1 17027370 0 0 3
9 9 127.0.0.1 24 2019-11-14_000000.adtlog 1573599600 1 15 0 0 3
10 9 127.0.0.1 23 2019-11-13_185824_4.log 1573637844 1 17015197 0 0 3
11 9 127.0.0.1 21 2019-11-13_235900.log 1573667904 1 6423779 0 0 3
12 9 127.0.0.1 21 2019-11-14_000000.log 1573685940 1 19681 0 0 3
13 9 127.0.0.1 23 2019-11-14_105325_5.log 1573686000 1 17098750 0 0 3
14 9 127.0.0.1 24 2019-11-15_000000.adtlog 1573686000 1 4 0 0 3
15 9 127.0.0.1 23 2019-11-14_201119_6.log 1573725205 1 16977009 0 0 3
16 9 127.0.0.1 21 2019-11-14_235900.log 1573758680 1 4589089 0 0 3
17 9 127.0.0.1 21 2019-11-15_000000.log 1573772340 1 20120 0 0 3
18 9 127.0.0.1 24 2019-11-16_000000.adtlog 1573772400 1 4 0 0 3
19 9 127.0.0.1 23 2019-11-15_110248_7.log 1573772400 1 17164887 0 0 3
20 9 127.0.0.1 23 2019-11-15_215943_8.log 1573812168 1 17082709 0 0 3
21 9 127.0.0.1 21 2019-11-15_235900.log 1573851583 1 2246072 0 0 3
22 9 127.0.0.1 21 2019-11-16_000000.log 1573858740 1 18046 0 0 3
23 9 127.0.0.1 23 2019-11-16_121148_9.log 1573858800 1 16808856 0 0 3
24 9 127.0.0.1 24 2019-11-17_000000.adtlog 1573858800 1 4 0 0 3
25 9 127.0.0.1 21 2019-11-16_235900.log 1573902708 1 13172644 0 0 3
26 9 127.0.0.1 21 2019-11-17_000000.log 1573945140 1 17544 0 0 3
27 9 127.0.0.1 24 2019-11-17_140751_10.log 1573945200 1 16822434 0 0 3
28 9 127.0.0.1 24 2019-11-18_000000.adtlog 1573945200 1 4 0 0 3
29 9 127.0.0.1 21 2019-11-17_235900.log 1573996071 1 10152465 0 0 3
30 9 127.0.0.1 21 2019-11-18_000000.log 1574031540 1 17813 0 0 3
31 9 127.0.0.1 24 2019-11-18_090017_11.log 1574031600 1 16617765 0 0 3
32 9 127.0.0.1 24 2019-11-19_000000.adtlog 1574031600 1 4 0 0 3
33 9 127.0.0.1 24 2019-11-18_154513_12.log 1574064017 1 16618290 0 0 3
34 9 127.0.0.1 21 2019-11-18_235900.log 1574088313 1 10682349 0 0 3
35 9 127.0.0.1 21 2019-11-19_000000.log 1574117940 1 18853 0 0 3
36 9 127.0.0.1 6 fw.log 1574118000 0 4294967295 1 0 2 0 0 9493438 3
37 9 127.0.0.1 9 fw.adtlog 1574118000 0 4294967295 1 0 2 0 0 4
[Expert@fwmp05b1:0]#

Rene_Rolsted · ‎2019-11-18

Thanks for your help.
The rapid7 admin have change the port to tcp - after we change the port to udp every things works fine. 🙂

Are you a member of CheckMates?

upgrade from R80.20 to R80.30 Log server don't send logs to Rapid7 SIEM