Gateway logs on Smartlog after SMS outages

Hi,

I have network logs on my gateway from when I stopped the manager (cpstop on SMS).

In the output of my "fw log -n -p" command on the gateway, I see many connection logs in that time interval. When I search for the connections on my Smartlog after cpstart of my SMS, I cannot see the same connection logs on the Smartlog.

What may be the reason? Does the SMS get the logs automatically after cpstart, or should I do some manual process?

B.R.

1 Solution

Accepted Solutions

Re: Gateway logs on Smartlog after SMS outages

Hi,

Just to help here, I came across several 'issues' in R77.30 where once the logging stopped to a log server, it never restarted by itself.

Only way we found was to create a dummy object in the policy, add that as the log server, push policy, then put back the original log server object, push policy again.

This was the only foolproof method we found.

However, if you want to configure gateways to send any locally collected logs to the SMS/MDS once the connection is back up, you need to go under Logs > Additional Logging on the gateway or cluster object and configure Forward Logs to Log Server and specify a time interval (midnight). This may be different in R80 but certainly worked in R77.30.

thanks

Peter

12 Replies

Re: Gateway logs on Smartlog after SMS outages

When SMS is unavailable, GWs switch to local logging. But you can manually copy the missing logs to the SMS, rebuild the index and all should be fine. Please check the document SMB security log files I wrote some time ago for details!

0 Kudos

Re: Gateway logs on Smartlog after SMS outages

If I do not do this manual process, all logs will be kept on the gateway. If I lose the GW, I will lose the logs also. I think it should be an automatic process as soon as SMS comes back online.

0 Kudos

Re: Gateway logs on Smartlog after SMS outages

You need to push policy and after that gateway will start logging to SMS (in case 257/tcp port is reachable towards SMS and SMS is fully cpstarted).

Kind regards,
Jozko Mrkvicka
0 Kudos

Re: Gateway logs on Smartlog after SMS outages

Where did you get that information from? There are some cases when policy install is necessary, but here, a cprestart on SMS will do the job. AFAIK GW will connect again to the SMS when logging port 257 is open again for receiving...

0 Kudos

Re: Gateway logs on Smartlog after SMS outages

The logic may be changed within R80.x, but as we are still using R77.30 (MDS / GW), it was observed like I described.

We are using 2 dedicated logservers, and in case 1 of them went down, the gateways will start logging locally no matter if logserver went up again in few minutes. We had to push the policy, or remove logserver which was down and push the policy to start logging only to one logserver. We will do maintenance on 1 logserver soon, so I can verify that behaviour again.

Kind regards,
Jozko Mrkvicka

Re: Gateway logs on Smartlog after SMS outages

Hi Peter,

Thank you for your reply. 

As I understood, it is a scheduled (at midnight) process; the GW does not send the logs as soon as the SMS gets online. Am I right? Then, is there a way to make it work that way?

BR

0 Kudos

Re: Gateway logs on Smartlog after SMS outages

Hi,

You can create a schedule object for whatever time you like.

Thanks

Peter

Re: Gateway logs on Smartlog after SMS outages

I have scheduled as 3 minutes. It works. Thanks. Now the smartlog shows the outage logs and removes them from the gw. 

Re: Gateway logs on Smartlog after SMS outages

There is a log file switch performed by default at midnight. Any other log file switches are additional.

0 Kudos

Re: Gateway logs on Smartlog after SMS outages

If the log file reaches 2GB in size, then it will be switched automatically.

Kind regards,
Jozko Mrkvicka
0 Kudos

Re: Gateway logs on Smartlog after SMS outages

I see - so what I said is only true for GW sending directly to SMS only (in that deployment, logging changed to SMS again).