cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post
Highlighted
rajesh_s
Nickel

Checkpoint Gateways are not sending the logs to Checkpoint management server

Hi All,

We are using Checkpoint R77.30 firewall, Gateways are not sending the logs to Checkpoint management server, Is anyone has similar issue?.

15 Replies

Re: Checkpoint Gateways are not sending the logs to Checkpoint management server

I think I have the same issue. My coffee machine at home doesn't want to make cappuchino sometimes. Maybe you know the reason for that?

Information, details about the setup, logs, configs and settings, your actions and tests? Nobody will be able to help you without some basic input information.

Re: Checkpoint Gateways are not sending the logs to Checkpoint management server

I had this happen when my management server died, and was off line for a couple of days while I rebuilt the RMA unit.  I called support, and there is a way to go into each gateway and jog its memory.  However, the simpler way was to do a policy push to each gateway/cluster that the management server managed.

Re: Checkpoint Gateways are not sending the logs to Checkpoint management server

Hi,

- check management interface in GAIA GUI

- add no NAT rule from GW to Management

- add log rule (from GW to Management)

- check log port on Management ( netstat -na | grep  257)

- do you see log trafffic (tcpdump -i <ethx> port 257)

- check drops (fw ctl zdebug drop | grep 257)

- check log server in global properties

- check on GW the masters.cf file - the log server should be entered here

- see SK Troubleshooting Check Point logging issues when Security Management Server / Log Server is not recei... 

Otherwise open a Check Point ticket.

Re: Checkpoint Gateways are not sending the logs to Checkpoint management server

You can add, make sure the Mgmt machine's main IP (object global properties) is on the same network as the GW. It doesn't seem to matter if the policies reach the GW when you push and both machines have the correct interface set to Mgmt. Unless the displayed IP matches it doesn't seem to work.

0 Kudos

Re: Checkpoint Gateways are not sending the logs to Checkpoint management server

One more tip, if your log server is separate from Mgmt then install database and then push policy.

Re: Checkpoint Gateways are not sending the logs to Checkpoint management server

in addition to tips provided by Heiko Ankenbrand,  check free space in your log server, if not create sufficient space. most of the cases below procedure saved my day. 

  • create a dummy Mgmt server Object in the Dashboard as a temp log server (Dummy_mgmt)
  • From the Logs option under Cluster or gateway properties , untag the Management Server from the logger and add a temp_log (Dummy_mgmt)) server object
  • Installed the Database & pushed the policy. 
  • Post that we have to revert back the changes and again installed DB & pushed the policy to the gateway. ( means untag current temp_log object and select original management or log server)
  • check  "netstat -na | grep  257" to verify port status. it should be in established state

Re: Checkpoint Gateways are not sending the logs to Checkpoint management server

I like the idea but a dummy log server on the same IP can lead to problems. The problem is that the dummy and the original log server want to share port 257. There may be problems here.

Regards

Heiko

0 Kudos

Re: Checkpoint Gateways are not sending the logs to Checkpoint management server

If all these tips don't help, I'd open a ticket.

Regards,

Heiko

0 Kudos

Re: Checkpoint Gateways are not sending the logs to Checkpoint management server

any non conflicting IP would work

Re: Checkpoint Gateways are not sending the logs to Checkpoint management server

See sk38848, sk40090, sk108707 & sk66381

Re: Checkpoint Gateways are not sending the logs to Checkpoint management server

Hi Rajesh,

Heiko has provided nice steps to troubleshoot this issue. After going through all this steps, definitely you will come to conclusion.  

rajesh_s
Nickel

Re: Checkpoint Gateways are not sending the logs to Checkpoint management server

Hi All, 

Finally issue has resolved, Thank you all for your help in fixing the issue.

Spacial thanks to Mr. "Aleksei Shelepov" for His  great Suggestion 

.

Employee
Employee

Re: Checkpoint Gateways are not sending the logs to Checkpoint management server

Hi,

how did you resolve the issue ? I had similar issue after upgrade to R80.10, and one of R77.30 SMS suddenly failed to receive log. Tried Reboot, reset SIC, log switch , but just not work (also try script to drop monitoring dB using the script in sk for 80.10).

R77.30 mgmt : no log

R80.10 mgmt; no log , no status , but can see the standby mgmt status

Sunny

0 Kudos
rajesh_s
Nickel

Re: Checkpoint Gateways are not sending the logs to Checkpoint management server

Hi

Log file was corrupted, I created the new log file and moved old logs to new log file, It worked.

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

0 Kudos
Employee
Employee

Re: Checkpoint Gateways are not sending the logs to Checkpoint management server

Hi,

I tried this solution, but not works, then i simply disable the "log" option in mgmt object's property, install policy, and then enable the option, and install policy again, then logging resumed.

the above works for the r77.30 mgmt and gateway

for my R80.10 mgmt and r77.30, after i install policy to one vs, the mgmt can receive log from all gateway. but still not be able to see gateways' status.

Sunny