cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post
Highlighted
Nickel

FW logs shows in tracker but not in smartconsole logs

Hi All,

Weird scenario atm.. we have a management server (with log server) running R80.30 with 4 clusters sending logs to it al working as expected..

We added a new cluster (80.10) recently but for some weird reason I cannot see logs in the smartconsole..

I can confirm logs are being sent correctly to the sms..

If I open the console, go to 'logs & monitor', select 'new tab' and select logs and log view.. I see all the other FWs logs.. but no logs from the new cluster..

now here's the kicker..

- the new cluster's logs are showing in the tracker fine.. along with al the other FWs..

- also I can see the new cluster's logs in smartconsole only if I go to logs, select 'options', 'file' and then choose to 'open log file' and select the 'fw.log' - then i can see them.

It is just when you open the default log tab none of the logs shows.. which is using the fw.log file also.

so its only if I manually select to open the fw.log file that I can see the logs.. if that makes sense.

Could this be a bug perhaps? or maybe need to reindex?

 

any ideas?

thanks in advance.

 

0 Kudos
8 Replies
Highlighted

Re: FW logs shows in tracker but not in smartconsole logs

I've seen this before, try performing an "Install Database" operation which should refresh the indexer.  If that doesn't work restart the indexer with the evstop ; evstart command.

 

Book "Max Power 2020: Check Point Firewall Performance Optimization" Third Edition
Now Available at www.maxpowerfirewalls.com
Highlighted
Nickel

Re: FW logs shows in tracker but not in smartconsole logs

Thanks.. but have done that already.. and even rebooted management log server.. no luck 😞

0 Kudos
Highlighted

Re: FW logs shows in tracker but not in smartconsole logs

Hmm, from the SmartConsole Logs & Monitor screen open a brand new empty logging tab, then in the lower-left corner click SmartEvent Policies and Settings.  From the new SmartEvent GUI that appears reinstall the Event Policy, then click the "System Status" hyperlink in the lower-right corner.  Any log server errors being reported?

 

Book "Max Power 2020: Check Point Firewall Performance Optimization" Third Edition
Now Available at www.maxpowerfirewalls.com
0 Kudos
Highlighted
Nickel

Re: FW logs shows in tracker but not in smartconsole logs

Checked... everything is green and sync'd... so no errors etc.

I have logged a call with CP also.. will see if they can pick anything up on it.

regards

0 Kudos
Highlighted

Re: FW logs shows in tracker but not in smartconsole logs

OK great, please post a follow-up to this thread when the solution is found.

 

Book "Max Power 2020: Check Point Firewall Performance Optimization" Third Edition
Now Available at www.maxpowerfirewalls.com
0 Kudos
Highlighted
Employee+
Employee+

Re: FW logs shows in tracker but not in smartconsole logs

Tracker & Open Log-File via Options button are basically the same, using the Non-Index mode I/S to query the log-file directly.

the Logs view uses the log-Indexing I/S (aka SmartLog) to show the logs, so your issue seems to be there.

Indeed very strange, as existing Clusters work.

 

Let's verify this new GW/Cluster's time is synced.

and try querying for its origin specifically, like orig:<New_CtrGW_Name>.

 

 

 

0 Kudos
Highlighted

Re: FW logs shows in tracker but not in smartconsole logs

Hello,


We had exactly the same problem before.

This happened after we changed the Management's IP address. Once we reverted back to the old IP address it worked as expected.

0 Kudos
Highlighted

Re: FW logs shows in tracker but not in smartconsole logs

After adding a new GW object or changing IP addresses of your GWs and/or management servers, Install Database action is required to be performed on all log servers to show new / modified objects correctly.

 

 

0 Kudos