This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
P_Williams
Contributor
yesterday
Jump to solution

Single VSY within VSX environment wont send logs to dedicated log server

Hi,

We have a VSX environment running latest R81 hotfix. I have created a new virtual system ID 8 but I cant get it to communicate with the log server. The log server is in a separate network. There are a total of 8 virtual devices on this vsx, 5 systems/gateways, and 3 virtual switches. The other 4 virtual systems communicate with the log server fine.

When I do #cpstat fw -f log_connection on the vsenv with the issue I get

:8]# cpstat fw -f log_connection

Overall Status: 2
Overall Status Description: Security Gateway is unable to report logs to any log server
Local Logging Mode Description: Logs are written to log server
Local Logging Mode Status: 0
Local Logging Sending Rate: 0
Log Handling Rate: 0


Log Servers Connections
-----------------------------------------------------------
|IP |Status|Status Description |Sending Rate|
-----------------------------------------------------------
|172.25.116.31| 1|Log-Server Disconnected| 0|
-----------------------------------------------------------

And if I go to vsenv 0 and do #netstat -nap | grep 172.25.116.31

:0]# netstat -nap | grep 172.25.116.31
tcp 0 0 172.20.253.60:46836 172.25.116.31:257 TIME_WAIT -
tcp 0 0 172.20.253.60:34374 172.25.116.31:257 ESTABLISHED 5432/fwd
tcp 0 0 172.20.253.60:56275 172.25.116.31:257 ESTABLISHED 6098/fwd
tcp 0 0 172.20.253.60:50498 172.25.116.31:257 ESTABLISHED 6186/fwd
tcp 0 0 172.20.253.60:64858 172.25.116.31:257 ESTABLISHED 5922/fwd

The above must show the five virtual systems communicating (or trying to) with the log server with 4 Established and working and one Time_Wait and not working. But it shows end to end connectivity between the mgmt interface and the server.

I can configure the new virtual system to send logs to our SMS server 172.20.116.30 and that works

:8]# cpstat fw -f log_connection

Overall Status: 0
Overall Status Description: Security Gateway is reporting logs as defined
Local Logging Mode Description: Writing logs locally due to connectivity problems
Local Logging Mode Status: 2
Local Logging Sending Rate: 0
Log Handling Rate: 0


Log Servers Connections
--------------------------------------------------------
|IP |Status|Status Description |Sending Rate|
--------------------------------------------------------
|172.20.116.30| 0|Log-Server Connected| 0|
--------------------------------------------------------

And if I send some dummy ping from that vsenv 8 to the Internet it shows in the logs. See attachments.

8]# ping 14.15.16.17
PING 14.15.16.17 (14.15.16.17) 56(84) bytes of data.
^C
--- 14.15.16.17 ping statistics ---
150 packets transmitted, 0 received, 100% packet loss, time 149000ms

 

So I dont know where to look now. It may be something on the dedicated log server but I am unfamiliar with troubleshooting on that. 

 

 

Preview file
23 KB
0 Kudos
1 Solution

Accepted Solutions
emmap
Employee
Employee
yesterday
Jump to solution

Try doing an 'Install database' on the log server (or just all the mgmt servers). This can commonly resolve logging issues with new gateways.

View solution in original post

0 Kudos
2 Replies
emmap
Employee
Employee
yesterday
Jump to solution

Try doing an 'Install database' on the log server (or just all the mgmt servers). This can commonly resolve logging issues with new gateways.

0 Kudos
P_Williams
Contributor
16 hours ago
In response to emmap
Jump to solution

Thank you emmap, that has fixed it

0]# netstat -nap | grep 172.25.116.31
tcp 0 0 172.20.253.60:56329 172.25.116.31:257 ESTABLISHED 6027/fwd
tcp 0 0 172.20.253.60:34374 172.25.116.31:257 ESTABLISHED 5432/fwd
tcp 0 0 172.20.253.60:56275 172.25.116.31:257 ESTABLISHED 6098/fwd
tcp 0 0 172.20.253.60:50498 172.25.116.31:257 ESTABLISHED 6186/fwd
tcp 0 0 172.20.253.60:64858 172.25.116.31:257 ESTABLISHED 5922/fwd

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events