Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Employee
Employee

No logging from Access Control policy

R80.40 JHF 48  on GW and Mgmt

Created a policy using inline app/URLF rules.  I get logging on all the app/URLF rules but no other rules in the access control policy log.  Has anyone seen this behavior before?

0 Kudos
9 Replies
Highlighted
Employee
Employee

Before anyone ask, yes, tracking is set to Log on the rule I want to get logs on.
0 Kudos
Highlighted

Can you see more than just the APCL/URLF logs if you fire up the old SmartView Tracker (CPlgv.exe) and look at the logs that way?  If they are there that indicates some kind of log indexing problem.  If the additional logs are not present in the Tracker that indicates some kind of policy configuration issue.

Book "Max Power 2020: Check Point Firewall Performance Optimization" Third Edition
Now Available at www.maxpowerfirewalls.com
0 Kudos
Highlighted
Employee
Employee

@Timothy_Hall  I went into SmartView and the logs are in there.  Looks like an indexing problem.  Now to find an SK to fix that.  Thank you for the bread crumbs!

0 Kudos
Highlighted

OK if you could post a follow-up with the solution that would be great, there seems to be many different ways for this to happen.

Book "Max Power 2020: Check Point Firewall Performance Optimization" Third Edition
Now Available at www.maxpowerfirewalls.com
0 Kudos
Highlighted
Admin
Admin

What is the hardware configuration of your management?
If it's under spec, Log Indexing is disabled by default.
It can also be manually disabled in the SmartConsole object as well.
0 Kudos
Highlighted
Employee
Employee

Turning on indexing did not resolve the issue but I did find that if I open a log file, I can see all the logs.  I am surprised I would need to do that.  Have either of you seen that?

 

0 Kudos
Highlighted
Silver

I've had this issue after upgrading a management station to R80.30. No logs from the security blade, only TP, solved after File --> Open fw.log. Logs were visible continuously after that.

0 Kudos
Highlighted
Employee
Employee

Same here.  Now I am trying to see if I can force that file to be the default.

0 Kudos
Highlighted
Employee
Employee

@Timothy_Hall and @PhoneBoy 

After some looking up, I found that the logs exist but I have to open the log for the day I would like to get from:

7-6-2020 2-58-31 PM.jpg

 
 

There doesn't seem to be a way to make this behavior by default.  Any ideas?

0 Kudos