cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post

Log server is disconnected

Hi Guys,

Yesterday, we installed a new log server. This is R80.10 fresh install.

this log server is not the management server.

It seems that everything is ok.

[Expert@fwreport:0]# cpwd_admin list
APP PID STAT #START START_TIME MON COMMAND
CPVIEWD 9008 E 1 [13:25:17] 5/10/2017 N cpviewd
CPD 9022 E 1 [13:25:17] 5/10/2017 Y cpd
FWD 9116 E 1 [13:25:18] 5/10/2017 N fwd -n
FWM 9121 E 1 [13:25:18] 5/10/2017 N fwm
CPM 9358 E 1 [13:25:19] 5/10/2017 N /opt/CPsuite-R80/fw1/scripts/cpm.sh -s
SOLR 7804 E 1 [16:43:48] 5/10/2017 N java_solr /opt/CPrt-R80/conf/jetty.xml
RFL 7817 E 1 [16:43:48] 5/10/2017 N LogCore
SMARTVIEW 7848 E 1 [16:43:48] 5/10/2017 N SmartView
INDEXER 7956 E 1 [16:43:48] 5/10/2017 N /opt/CPrt-R80/log_indexer/log_indexer
SMARTLOG_SERVER 7975 E 1 [16:43:48] 5/10/2017 N /opt/CPSmartLog-R80/smartlog_server
CPSEMD 8080 E 1 [16:43:49] 5/10/2017 Y cpsemd
CPSEAD 8083 E 1 [16:43:49] 5/10/2017 N cpsead
DASERVICE 9822 E 1 [13:25:20] 5/10/2017 N DAService_script

When we try to check logs, there is an error and logs are not shown int the smartconsole.

I followed differents sk119335

Can you help me to fix this ?

Thanks for you help,

6 Replies
Admin
Admin

Re: Log server is disconnected

Can you verify after the steps were performed that the checkbox to enabled log indexing is still enabled?

Also, what hardware is your log server installed on (CPU cores, RAM, etc)? 

If you have insufficient RAM in particular, the log indexing processes won't start. 

0 Kudos

Re: Log server is disconnected

Hi,

Thanks.

This is en open server based with 8 CPU and 8 Gb RAM and 500GoHDD. The log server is installed on vmware.

Everything seems ok (SIC, Processes, enable log indexing...), the log indexing processes starts on the log server. The SG send logs to the logs server. 

The issue is when we try to see logs from the remote logs server from the smartconsole.

Thank you,

0 Kudos
Admin
Admin

Re: Log server is disconnected

8GB of RAM is a bare minimum, I suspect more would help, even just as a log server.

The Check Point TAC may be able to do additional troubleshooting: Contact Support | Check Point Software 

0 Kudos

Re: Log server is disconnected

I apologise upfront if I'm asking to check silly and obvious.. Smiley Happy

  • database install after log server was created?
  • we use MDS so I'm not too sure how it looks with SCS, but you are not trying to log into log server directly? As in you connect to your primary management IP and then open log tab - that's when you see the error?
  • have you checked the "Gateways and Servers" tab (SmartView Monitor) and see if there's anything obvious there?
0 Kudos

Re: Log server is disconnected

Hi,

Thank you all of you.

As suggested by Dameon, i opened a SR to checkpoint support.

0 Kudos

Re: Log server is disconnected

I had a similar problem with a log server in Azure. In our case, it was because we needed to allow TCP port 8211. I found that in sk119497 at the bottom of the article for the implied rule accept_remote_smartlog.

0 Kudos