Contributor

FW logs shows in tracker but not in smartconsole logs

Hi All,

Weird scenario atm.. we have a management server (with log server) running R80.30 with 4 clusters sending logs to it, all working as expected..

We added a new cluster (80.10) recently but for some weird reason I cannot see logs in the smartconsole..

I can confirm logs are being sent correctly to the sms..

If I open the console, go to 'logs & monitor', select 'new tab' and select logs and log view.. I see all the other FWs logs.. but no logs from the new cluster..

Now here's the kicker..

- the new cluster's logs are showing in the tracker fine.. along with all the other FWs..

- also I can see the new cluster's logs in smartconsole only if I go to logs, select 'options', 'file' and then choose to 'open log file' and select the 'fw.log' - then I can see them.

It is just when you open the default log tab none of the logs show.. which is using the fw.log file also.

So it's only if I manually select to open the fw.log file that I can see the logs.. if that makes sense.

Could this be a bug perhaps? Or maybe need to reindex?

Any ideas?

thanks in advance.

 

8 Replies
Champion

I've seen this before, try performing an "Install Database" operation which should refresh the indexer.  If that doesn't work restart the indexer with the evstop ; evstart command.

 

Gaia 3.10 Immersion Self-paced Video Series
now available at http://www.maxpowerfirewalls.com
Contributor

Thanks.. but have done that already.. and even rebooted management log server.. no luck 😞

Champion

Hmm, from the SmartConsole Logs & Monitor screen open a brand new empty logging tab, then in the lower-left corner click SmartEvent Policies and Settings.  From the new SmartEvent GUI that appears reinstall the Event Policy, then click the "System Status" hyperlink in the lower-right corner.  Any log server errors being reported?

 

Contributor

Checked... everything is green and sync'd... so no errors etc.

I have logged a call with CP also.. will see if they can pick anything up on it.

regards

Champion

OK great, please post a follow-up to this thread when the solution is found.

 

Employee++

Tracker & Open Log-File via Options button are basically the same, using the Non-Index mode I/S to query the log-file directly.

The Logs view uses the log-Indexing I/S (aka SmartLog) to show the logs, so your issue seems to be there.

Indeed very strange, as existing Clusters work.

 

Let's verify this new GW/Cluster's time is synced.

And try querying for its origin specifically, like orig:<New_CtrGW_Name>.

 

 

 

Participant

Hello,


We had exactly the same problem before.

This happened after we changed the Management's IP address. Once we reverted back to the old IP address it worked as expected.

Admin

After adding a new GW object or changing IP addresses of your GWs and/or management servers, Install Database action is required to be performed on all log servers to show new / modified objects correctly.

 

 
