This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Matlu
Advisor
‎2023-10-26 10:17 PM

Identify Appliances CP crashes

Hello, Mates.

 

Which files are recommended to check, for example in a SMS, Smart Event, or GW (Appliances), when you have a "crash" or "reboot" of one of these equipments, in an "unexpected" moment?

 

We want to identify why some equipment "crashed" (SMS and Smart Event), maybe because of a software problem of the equipment (high CPU or memory consumption), or some additional cause.

 

Are there files that allow us to have a vision of what could have happened, without resorting to the TAC?

 

Thanks for your comments.

0 Kudos
3 Replies
PhoneBoy
Admin
Admin
‎2023-10-27 09:32 AM

cpview captures a lot of historical data that can be used to view the system at specific points of time.
HealthCheck Point can also provide a timeline report with critical events: https://support.checkpoint.com/results/sk/sk171436

Beyond that, you're looking into various logs (/var/log/messages, $FWDIR/log/*.elg).
Any core files you find can only be analyzed by TAC, but the fact they exist indicate an issue.

0 Kudos
the_rock
Legend
Legend
‎2023-10-28 08:06 AM

You can check /var/log/crash and /var/log/dump/usermode directories. Also, you can run cpview -s export command and it will tell you where zip file is located, so you can export the file and review it offline.

Cheers,

Andy

0 Kudos
Bob_Zimmerman
Authority
Authority
‎2023-10-28 08:57 AM

Certain kernel faults will cause a reboot. They generally try to produce a core dump first, but this isn't always possible. If you get a core dump, only the TAC (or really, CFG) will have the debug symbols needed to tell what happened.

Other than that, almost all spontaneous reboots are caused by hardware faults. For example, if you have bad power or if your power supply is faulty, high processor usage can draw more power than the power supply can provide without voltage droop, also known as a brownout. This won't leave any logs or indication of the cause of the problem in the OS. A good LOM will log a brownout or most other hardware faults. Check Point's branded boxes do not have good LOM.

High resource consumption will never cause a reboot directly.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events