Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Ants
Contributor

FW logs shows in tracker but not in smartconsole logs

Hi All,

Weird scenario atm.. we have a management server (with log server) running R80.30 with 4 clusters sending logs to it al working as expected..

We added a new cluster (80.10) recently but for some weird reason I cannot see logs in the smartconsole..

I can confirm logs are being sent correctly to the sms..

If I open the console, go to 'logs & monitor', select 'new tab' and select logs and log view.. I see all the other FWs logs.. but no logs from the new cluster..

now here's the kicker..

- the new cluster's logs are showing in the tracker fine.. along with al the other FWs..

- also I can see the new cluster's logs in smartconsole only if I go to logs, select 'options', 'file' and then choose to 'open log file' and select the 'fw.log' - then i can see them.

It is just when you open the default log tab none of the logs shows.. which is using the fw.log file also.

so its only if I manually select to open the fw.log file that I can see the logs.. if that makes sense.

Could this be a bug perhaps? or maybe need to reindex?

 

any ideas?

thanks in advance.

 

0 Kudos
8 Replies
Timothy_Hall
Legend Legend
Legend

I've seen this before, try performing an "Install Database" operation which should refresh the indexer.  If that doesn't work restart the indexer with the evstop ; evstart command.

 

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
Ants
Contributor

Thanks.. but have done that already.. and even rebooted management log server.. no luck 😞

0 Kudos
Timothy_Hall
Legend Legend
Legend

Hmm, from the SmartConsole Logs & Monitor screen open a brand new empty logging tab, then in the lower-left corner click SmartEvent Policies and Settings.  From the new SmartEvent GUI that appears reinstall the Event Policy, then click the "System Status" hyperlink in the lower-right corner.  Any log server errors being reported?

 

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
0 Kudos
Ants
Contributor

Checked... everything is green and sync'd... so no errors etc.

I have logged a call with CP also.. will see if they can pick anything up on it.

regards

0 Kudos
Timothy_Hall
Legend Legend
Legend

OK great, please post a follow-up to this thread when the solution is found.

 

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
0 Kudos
Dror_Aharony
Employee Alumnus
Employee Alumnus

Tracker & Open Log-File via Options button are basically the same, using the Non-Index mode I/S to query the log-file directly.

the Logs view uses the log-Indexing I/S (aka SmartLog) to show the logs, so your issue seems to be there.

Indeed very strange, as existing Clusters work.

 

Let's verify this new GW/Cluster's time is synced.

and try querying for its origin specifically, like orig:<New_CtrGW_Name>.

 

 

 

0 Kudos
kaanyenilmez
Participant

Hello,


We had exactly the same problem before.

This happened after we changed the Management's IP address. Once we reverted back to the old IP address it worked as expected.

0 Kudos
_Val_
Admin
Admin

After adding a new GW object or changing IP addresses of your GWs and/or management servers, Install Database action is required to be performed on all log servers to show new / modified objects correctly.

 

 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events