This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Prabulingam_N1
Advisor
‎2018-03-08 11:32 PM

CPLogToSyslog process getting Terminated frequently

Dear All,

We have integrated ArcSight Syslog with Checkpoint R80.10 with JHF_Take_46 as per 

sk109016, sk115392, sk121334

$FWDIR/state/SEAM/local.cplogtosyslog_policy.C is configured correctly.

For 2 days, ArcSight was receiving the logs. But stopped.

With "cpwd_admin list" - CPLogToSyslog process getting Terminated and tried restarting as well but no luck.

Took CPLogToSyslog debug as well, but all it states that UDP succeeded for ArcSight IP in 514 port.

Fwm.elg as well with no clue.

Any help to see why CPLogToSyslog process getting Terminated constantly.


(No drops as well Firewall during restart of CPLogToSyslog process or with ArcSight IP)

Regards, Prabulingam.N

8 Replies
PhoneBoy
Admin
Admin
‎2018-03-09 07:29 AM

Have you opened a TAC case, by chance?

0 Kudos
Prabulingam_N1
Advisor
‎2018-03-22 11:58 PM
In response to PhoneBoy

Dear Dameon,

I had opened TAC case for this but awaiting for inputs.

In meanwhile I had also tried with Take_56 JHF and CPLogToSyslog_Take_56. No luck, still the process getting terminated and logs not getting forwarded.

Not sure is there any stability concern on Take_42 and Take_56 of CPLogToSyslog HFs.

Regards, Prabulingam.N

0 Kudos
PhoneBoy
Admin
Admin
‎2018-03-23 04:33 AM
In response to Prabulingam_N1

I recommend using the new Log Exporter tool instead of CPLogToSyslog: https://supportcenter.checkpoint.com/supportcenter/portal?action=portlets.SearchResultMainAction&eve...

0 Kudos
Prabulingam_N1
Advisor
‎2018-03-23 10:38 AM
In response to PhoneBoy

Dear Daemon,

Yes, I could achieve good results using Log_Exporter instead of CPLogToSyslog.

Thanks to Yonatan as well.

Regards, Prabulingam.N

0 Kudos
RickHoppe
Advisor
‎2018-03-09 11:00 PM

We ran into crashes with CPLogToSyslog as well and replaced it with the EA of the Logout tool (sometimes also mentioned as Logexporter). Contact TAC for this.

My blog: https://checkpoint.engineer
0 Kudos
Prabulingam_N1
Advisor
‎2018-03-09 11:05 PM
In response to RickHoppe

Dear Rick/Daemon,

Thanks for your inputs.

Not yet opened TAC case.

But this I had also observed with another customer where after few days CPLogToSyslog process gets terminated and doesn't comes up.

Let me check this and probably I can update the result.

Regards, Prabulingam.N

0 Kudos
Yonatan_Philip
Employee Alumnus
Employee Alumnus
‎2018-03-21 10:21 AM

Hello,

 

A new log exporting tool has been released. This tool will be replacing CPLogToSyslog.

You can find all relevant details in Logs Exporter - Check Point Logs Export.

 

The new tool has built-in CEF conversion which was developed in collaboration with Micro Focus.

Regards,

 Yonatan 

0 Kudos
Prabulingam_N1
Advisor
‎2018-03-21 11:08 PM
In response to Yonatan_Philip

Dear Yonatan,

Thanks for headsup. Let me try this.

Regards, Prabulingam.N

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events