dergio
Participant

Log entries only with Tcp State

Hi everybody,

I have recently been getting many of the attached log entries. I cannot figure out why I have them and where they are coming from. These messages have no

  • Action
  • Source
  • Destination
  • Interface

Only the Tcp State is logged. The weird thing is, it's the only cluster which is doing this. I'm running R81.10 (HF T95). 

Maybe someone can shed some light on this. I am actually stuck.

Thanks a lot in advance.

Gion


Accepted Solutions
Timothy_Hall
Legend

Someone has turned on TCP state logging which is not enabled by default.  This feature was mentioned in my Max Power 2020 book, pages 319-322.  See sk101221: TCP state logging

Looks to me like in your case the TCP state updates are not being properly tacked on to the existing log entry; I would speculate that perhaps you only have session logging enabled for the rule matching this connection, but not connection logging which is I imagine where the TCP state updates will need to go.  For the difference between the two see my 2022 CPX speech Max Gander: The Hidden World of Log Generation and...

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com

6 Replies
_Val_
Admin

There is nothing attached.

dergio
Participant

 

New try to upload the screenshot. Sorry.

2023-06-14 15_01_04-Log Details.jpg

PhoneBoy
Admin

Please open a TAC case to investigate: https://help.checkpoint.com 

dergio
Participant

Thank you PhoneBoy, will do. Hoped to avoid it.

dergio
Participant

Thank you Timothy

That was it! I had the TCP state logging enabled (sk101221). I also had the session logging without connections enabled, but that I have fixed before. Now it looks good.

Thanks a lot again.
