
CPLogToSyslog process getting Terminated frequently

Dear All,

We have integrated ArcSight Syslog with Checkpoint R80.10 with JHF_Take_46 as per sk109016, sk115392, sk121334.

$FWDIR/state/SEAM/local.cplogtosyslog_policy.C is configured correctly.

For 2 days, ArcSight was receiving the logs, but then it stopped.

With "cpwd_admin list", the CPLogToSyslog process is getting Terminated; I tried restarting it as well, but no luck.

I took a CPLogToSyslog debug as well, but all it states is that UDP succeeded for the ArcSight IP on port 514.

fwm.elg as well, with no clue.

Any help to see why the CPLogToSyslog process is getting Terminated constantly?

(No drops on the Firewall as well, during restart of the CPLogToSyslog process or with the ArcSight IP)

Regards, Prabulingam.N

8 Replies
Admin

Re: CPLogToSyslog process getting Terminated frequently

Have you opened a TAC case, by chance?

0 Kudos

Re: CPLogToSyslog process getting Terminated frequently

Dear Dameon,

I had opened a TAC case for this but am awaiting inputs.

In the meanwhile, I had also tried with Take_56 JHF and CPLogToSyslog_Take_56. No luck; the process is still getting terminated and logs are not getting forwarded.

Not sure whether there is any stability concern with Take_42 and Take_56 of the CPLogToSyslog HFs.

Regards, Prabulingam.N

0 Kudos
Admin

Re: CPLogToSyslog process getting Terminated frequently

I recommend using the new Log Exporter tool instead of CPLogToSyslog: https://supportcenter.checkpoint.com/supportcenter/portal?action=portlets.SearchResultMainAction&eve...

0 Kudos

Re: CPLogToSyslog process getting Terminated frequently

Dear Dameon,

Yes, I could achieve good results using Log_Exporter instead of CPLogToSyslog.

Thanks to Yonatan as well.

Regards, Prabulingam.N

0 Kudos
RickHoppe
Silver

Re: CPLogToSyslog process getting Terminated frequently

We ran into crashes with CPLogToSyslog as well and replaced it with the EA of the Logout tool (sometimes also mentioned as Logexporter). Contact TAC for this.

Blog: https://checkpoint.engineer
0 Kudos

Re: CPLogToSyslog process getting Terminated frequently

Dear Rick/Dameon,

Thanks for your inputs.

I have not yet opened a TAC case.

But I had also observed this with another customer, where after a few days the CPLogToSyslog process gets terminated and doesn't come up.

Let me check this and probably I can update the result.

Regards, Prabulingam.N

0 Kudos
Employee+

Re: CPLogToSyslog process getting Terminated frequently

Hello,

A new log exporting tool has been released. This tool will be replacing CPLogToSyslog.

You can find all relevant details in Logs Exporter - Check Point Logs Export.

The new tool has built-in CEF conversion which was developed in collaboration with Micro Focus.

Regards,

Yonatan

0 Kudos

Re: CPLogToSyslog process getting Terminated frequently

Dear Yonatan,

Thanks for the heads-up. Let me try this.

Regards, Prabulingam.N

0 Kudos