Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
SuchitSrivastav
Contributor
Jump to solution

Checkpoint R81.20 Logging Issue

Hi CheckMates,

I have recently upgraded my Checkpoint Management Server from R80.30 to R81.20. So far, things looks good but I've started facing issue with Logging. When I open Logs&Monitor tab, in Logs I'm not able to see the Logs itself. To see the logs I've to open the specific log file. I've enabled log indexing etc. and my logging partition has more than 2TB space that should not be something with space.

I've detached & attached the log server from multiple gateways, just for testing purpose but no luck.

Any leads can suggest urgently if you've seen such issues? I've logged a TAC case but they told me this is something new issue for them too with R81.20.

PS: I'm aware that old log index wouldn't be upgraded in R81.x. I'm referring here about new log files that is being created post upgrade.

Thank you!!

0 Kudos
35 Replies
Blason_R
Leader
Leader

I personally do not have experience on R81.20 hence did not want to jump to this issue. However going through the conversation since the logs are being observed in cplgv then its a indexing issue for sure. What does your solr.elg file says? Any exceptions?

 

Thanks and Regards,
Blason R
CCSA,CCSE,CCCS
0 Kudos
the_rock
Legend
Legend

Lets wait for @SuchitSrivastav to confirm if what he tried yesterday worked or not. But generally, I agree with all you said 100%. TAC engineer gave me this sk when customer had similar issue last year. @SuchitSrivastav , maybe worth a try?

Andy

Able to view and open log files from legacy SmartView Tracker, but unable to view log files from Sma...

 

Screenshot_1.png

0 Kudos
Liat_Cihan
Employee
Employee

We seem to have found the problem and it has nothing to do with R81.20. It lies in the DB (IP conflict).
@SuchitSrivastav - we will contact you with the solution.

the_rock
Legend
Legend

I knew you would find the problem! Amazing work as always.

0 Kudos
SuchitSrivastav
Contributor

Hi Guys,

Apologies, I'm posting late here. Issue has been resolved now with help of TAC. 

Yep, it was IP confliction between two log servers. Since each log has a field named irg_log_server that is the uuid of the LS that indexed the log. When RFL get a log it verifies that a LS with the same UUID exists in the file $RTDIR/conf/logServerConfig.xml/ which in this case included only a single LS. In such case, RFL discards the logs with that orig_log_server value since it cannot find in it configuration files any LS with such UUID. 

 

After restarting log_indexer the configuration files were rebuilt and logs are seen.

Thank you everyone for your support and suggestions. 

Happy New Year to all in advacne! 

the_rock
Legend
Legend

Awesome news!

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events