MZayn
Participant

I cannot see any audit log on Check Point FW R81.10

When I checked the audit log, there are no logs for any time period. How could this happen? Does Check Point delete audit log history? How can I fix this? Thank you so much for now.

 

0 Kudos
1 Solution

Accepted Solutions
MZayn
Participant

Thank you for all your kind assistance. We resolved the problem with the reboot.🙈


0 Kudos
14 Replies
Chris_Atkinson
Employee

Did you revert to a previous revision recently?

How is the available storage space for the system?

Which Jumbo take is the system currently running?

CCSM R77/R80/ELITE
0 Kudos
MZayn
Participant

I have no idea whether it was reverted to a previous revision. I can see the current revisions, but I cannot see details.

 

Take:78 in use.

0 Kudos
the_rock
Legend

Do you see any audit logs for previous time periods? Say, if you search for something back in February or January? Your disk space is fine, so that's definitely not a concern.

Any clue when was the last time this worked?

Andy

0 Kudos
MZayn
Participant

I had chosen different time frames, but unfortunately there is no audit log.

0 Kudos
G_W_Albrecht
Legend

Did you try the Legacy SV Tracker? If nothing is shown there either:

Connect to the SMS using ssh and look into /var/log/audit/audit.log!

If no Audit logs are present, contact TAC! According to https://support.checkpoint.com/results/sk/sk105805, Audit logs can be reduced but not disabled... Could be a FWM process issue (look at the cpwd_admin list output).

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
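The check suggested above (when did records stop arriving in /var/log/audit/audit.log?) can be scripted; this is an added example, not part of the thread and not Check Point tooling. It assumes the file uses the standard Linux auditd stamp `msg=audit(EPOCH.MS:SERIAL)`; the function names and the sample records are constructed for illustration.

```shell
#!/bin/sh
# Added example: report the newest record and the largest silent gap in an
# auditd-style log. Assumption: each record carries "msg=audit(EPOCH.MS:SERIAL)".

# audit_gap_report FILE NOW_EPOCH MAX_AGE_SECONDS
# Prints: "<OK|STALE|EMPTY> last=<epoch> age_s=<n> max_gap_s=<n> records=<n>"
audit_gap_report() {
    awk -v now="$2" -v max_age="$3" '
        {
            # Extract the epoch seconds that follow the 10-char "msg=audit(" prefix
            if (match($0, /msg=audit\([0-9]+/)) {
                ts = substr($0, RSTART + 10, RLENGTH - 10) + 0
                if (n > 0 && ts - prev > max_gap) max_gap = ts - prev
                if (ts > last) last = ts
                prev = ts
                n++
            }
        }
        END {
            if (n == 0) { print "EMPTY last=0 age_s=0 max_gap_s=0 records=0"; exit }
            age = now - last
            status = (age > max_age) ? "STALE" : "OK"
            printf "%s last=%d age_s=%d max_gap_s=%d records=%d\n", \
                   status, last, age, max_gap, n
        }
    ' "$1"
}

# Constructed sample records (not taken from a real system).
write_sample() {
    cat > "$1" <<'EOF'
type=USER_LOGIN msg=audit(1700000000.101:10): pid=1 uid=0 res=success
type=USER_CMD msg=audit(1700000060.202:11): pid=2 uid=0 res=success
type=USER_END msg=audit(1700003660.303:12): pid=3 uid=0 res=success
EOF
}

sample=$(mktemp)
write_sample "$sample"
# "Now" is 30 days after the last record; anything older than 1 day is stale.
audit_gap_report "$sample" $((1700003660 + 30 * 86400)) 86400
rm -f "$sample"
```

On the management server the call would be `audit_gap_report /var/log/audit/audit.log "$(date +%s)" 86400`; a `STALE` result gives the date logging stopped, which is useful to have before opening a TAC case.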
MZayn
Participant

The last audit log was on 29 Jan. After that, there is no audit log in "/var/log/audit/audit.log".
According to sk105805, the options are clicked on the system logging.

According to the command "cpwd_admin list", all services are up.

In the meantime, I would like to share a correction, which is the hotfix version take:78.

 

0 Kudos
the_rock
Legend

I agree with @G_W_Albrecht, definitely contact TAC for this. Personally, I would install the latest jumbo (take 87) and see what happens, but if there is no change, open a support case, for sure.

0 Kudos
G_W_Albrecht
Legend

According to sk105805, Audit cannot be disabled - so this is a new issue afaik. No harm in installing the latest Jumbo, but I fear it will not help.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
the_rock
Legend

You are probably correct, I also doubt it will help, but does not hurt to try.

0 Kudos
Chris_Atkinson
Employee

Take 82:

PRJ-42859,PRHF-26649

Security Management:

After performing the "Revert to Revision" operation, new Audit logs cannot be seen in the Logging&Monitoring View in SmartConsole.

CCSM R77/R80/ELITE
0 Kudos
MZayn
Participant

Thank you for all your kind assistance. We resolved the problem with the reboot.🙈

0 Kudos
the_rock
Legend

Well, whatever it takes to fix the problem...good job 👍

0 Kudos
Tal_Paz-Fridman
Employee

Can you run a simple test, for example, define a new Host and Publish, and check to see if the Audit Log is created?

Can you also check various time frames in the log query?

0 Kudos
MZayn
Participant

I did, but there is still no log. It still says "no matches found for your search".

0 Kudos
