POAL
Participant

Log exporter crashing

Hi, 

We are trying to run log exporter in our environment for the first time and it keeps crashing after some time.

 

 

[Expert@#####:0]# cpwd_admin list
APP PID STAT #START START_TIME MON COMMAND
CPVIEWD 4024 E 1 [16:26:16] 24/10/2019 N cpviewd
HISTORYD 4027 E 1 [16:26:16] 24/10/2019 N cpview_historyd
CPD 4039 E 1 [16:26:16] 24/10/2019 Y cpd
FWD 4150 E 1 [16:26:20] 24/10/2019 N fwd -n
FWM 4153 E 1 [16:26:20] 24/10/2019 N fwm
SOLR 4341 E 1 [16:26:20] 24/10/2019 N java_solr /opt/CPrt-R80/conf/jetty.xml
RFL 4388 E 1 [16:26:20] 24/10/2019 N LogCore
SMARTVIEW 4412 E 1 [16:26:20] 24/10/2019 N SmartView
INDEXER 4538 E 1 [16:26:21] 24/10/2019 N /opt/CPrt-R80/log_indexer/log_indexer
SMARTLOG_SERVER 4565 E 1 [16:26:21] 24/10/2019 N /opt/CPSmartLog-R80/smartlog_server
CPM 4650 E 1 [16:26:22] 24/10/2019 N /opt/CPsuite-R80/fw1/scripts/cpm.sh -s
EXPORTER.##### 4672 E 1 [16:26:22] 24/10/2019 N /opt/CPrt-R80/log_exporter/targets/#####/log_exporter -export /opt/CPrt-R80/log_exporter/targets/#####/targetConfiguration.xml
CPSEMD 4879 E 1 [16:26:22] 24/10/2019 N cpsemd
CPSEAD 4885 E 1 [16:26:22] 24/10/2019 N cpsead
DASERVICE 4919 E 1 [16:26:23] 24/10/2019 N DAService_script
[Expert@#####:0]# cpwd_admin list
APP PID STAT #START START_TIME MON COMMAND
CPVIEWD 4024 E 1 [16:26:16] 24/10/2019 N cpviewd
HISTORYD 4027 E 1 [16:26:16] 24/10/2019 N cpview_historyd
CPD 4039 E 1 [16:26:16] 24/10/2019 Y cpd
FWD 4150 E 1 [16:26:20] 24/10/2019 N fwd -n
FWM 4153 E 1 [16:26:20] 24/10/2019 N fwm
SOLR 4341 E 1 [16:26:20] 24/10/2019 N java_solr /opt/CPrt-R80/conf/jetty.xml
RFL 4388 E 1 [16:26:20] 24/10/2019 N LogCore
SMARTVIEW 4412 E 1 [16:26:20] 24/10/2019 N SmartView
INDEXER 4538 E 1 [16:26:21] 24/10/2019 N /opt/CPrt-R80/log_indexer/log_indexer
SMARTLOG_SERVER 4565 E 1 [16:26:21] 24/10/2019 N /opt/CPSmartLog-R80/smartlog_server
CPM 4650 E 1 [16:26:22] 24/10/2019 N /opt/CPsuite-R80/fw1/scripts/cpm.sh -s
EXPORTER.##### 0 T 1 [16:26:22] 24/10/2019 N /opt/CPrt-R80/log_exporter/targets/#####/log_exporter -export /opt/CPrt-R80/log_exporter/targets/#####/targetConfiguration.xml
CPSEMD 4879 E 1 [16:26:22] 24/10/2019 N cpsemd
CPSEAD 4885 E 1 [16:26:22] 24/10/2019 N cpsead
DASERVICE 4919 E 1 [16:26:23] 24/10/2019 N DAService_script
[Expert@#####:0]# cpwd_admin list

 

The below is the error we get in 'log_indexer.elg' when it crashes: 

 

[Expert@#####:0]# tail -f log_indexer.elg

[log_indexer 4672 4097043344]@#####[24 Oct 16:27:33] Files read rate [log] : Current=977 Avg=832 MinAvg=0 Total=58304 buffers (0/0/0/0)

[log_indexer 4672 4097043344]@#####[24 Oct 16:27:33] Sent current: 0 average: 0 total: 0

[log_indexer 4672 4107598736]@#####[24 Oct 16:27:33] DefaultLogField::AddFieldFromPosition

[log_indexer 4672 4107598736]@#####[24 Oct 16:27:34] DefaultLogField::AddFieldFromPosition

[24 Oct 16:27:34] CBinObjCommon::GetPointerToData: non-32 bit data. Field index: 8 - offset is 21636 - failed to get pointer to data

[Expert@#####:0]#

 

We are running R80.10 JHF take 225 on our log server:

 

cpinfo -y all

This is Check Point CPinfo Build 914000191 for GAIA
[IDA]
HOTFIX_R80_10

[KAV]
HOTFIX_R80_10

[CPFC]
HOTFIX_R80_10
HOTFIX_R80_10_JUMBO_HF Take: 225

[FW1]
HOTFIX_R80_10
HOTFIX_R80_10_JUMBO_HF Take: 225

FW1 build number:
This is Check Point Security Management Server R80.10 - Build 043
This is Check Point's software version R80.10 - Build 190

[SecurePlatform]
HOTFIX_R80_10_JUMBO_HF Take: 225

 

Let us know if anyone has had the same issue and was able to fix it. We have already opened a case with Check Point but have not received any valuable input yet.

 

 

3 Replies
PhoneBoy
Admin
Crashing usually means a bug of some sort, which means the TAC will have to involve R&D to investigate.
POAL
Participant
Thank you. We have found sk152934 with the exact description of our problem. Thus, we have upgraded the version to R80.10 Take 245. But the indexer process is still crashing. As you suggested, we will ask Check Point TAC to escalate to R&D.
0 Kudos
POAL
Participant
I can confirm that the issue got resolved; I have removed two days' (Oct 17th & Oct 18th) logs from the system, which had reading errors shown in 'log_indexer.elg'. These log removals, in conjunction with the firmware upgrade (sk152934: R80.10 take 245), have resolved the log indexer crashing issue.
0 Kudos
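The check done by eye in the thread above, as an added example that is not part of any post or of Check Point's tooling: compare two `cpwd_admin list` snapshots, report every process that went from STAT `E` (executing) to `T` (terminated), and pull the last `.elg` lines written under the PID it had while running. The function names are hypothetical; the sample rows and log lines are copied from the original post.

```python
import re

# Row layout of `cpwd_admin list`: APP PID STAT #START [time] date MON COMMAND
ROW = re.compile(r"^(\S+)\s+(\d+)\s+([A-Z])\s+(\d+)\s+\[([\d:]+)\]\s+(\S+)\s+([YN])\s+(.+)$")
# Tagged .elg line: [component pid thread]@host[timestamp] message
TAGGED = re.compile(r"^\[\S+ (\d+) \d+\]@")

def parse_cpwd_list(text):
    """Map APP -> {pid, stat, starts, cmd}; prompt and header lines do not match ROW."""
    rows = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            app, pid, stat, starts, _time, _date, _mon, cmd = m.groups()
            rows[app] = {"pid": int(pid), "stat": stat, "starts": int(starts), "cmd": cmd}
    return rows

def newly_terminated(before, after):
    """Apps in state E in the first snapshot and T in the second, with the PID they had while running."""
    return {app: row["pid"] for app, row in before.items()
            if row["stat"] == "E" and after.get(app, {}).get("stat") == "T"}

def elg_tail_for_pid(elg_text, pid, count=3):
    """Last `count` .elg lines written by `pid`, including untagged lines that directly follow its output."""
    kept, owner = [], None
    for line in filter(None, (l.strip() for l in elg_text.splitlines())):
        m = TAGGED.match(line)
        if m:
            owner = int(m.group(1))   # a tagged line names the writing process
        if owner == pid:
            kept.append(line)         # untagged lines inherit the previous owner
    return kept[-count:]

# Sample input: rows and log lines copied from the post above (host name masked as ##### there).
BEFORE = """APP PID STAT #START START_TIME MON COMMAND
CPD 4039 E 1 [16:26:16] 24/10/2019 Y cpd
EXPORTER.##### 4672 E 1 [16:26:22] 24/10/2019 N /opt/CPrt-R80/log_exporter/targets/#####/log_exporter -export /opt/CPrt-R80/log_exporter/targets/#####/targetConfiguration.xml"""
AFTER = BEFORE.replace("4672 E", "0 T")   # the second snapshot in the post
ELG = """[log_indexer 4672 4097043344]@#####[24 Oct 16:27:33] Sent current: 0 average: 0 total: 0
[log_indexer 4672 4107598736]@#####[24 Oct 16:27:34] DefaultLogField::AddFieldFromPosition
[24 Oct 16:27:34] CBinObjCommon::GetPointerToData: non-32 bit data. Field index: 8 - offset is 21636 - failed to get pointer to data"""

if __name__ == "__main__":
    for app, pid in newly_terminated(parse_cpwd_list(BEFORE), parse_cpwd_list(AFTER)).items():
        print(app, "terminated; last output of pid", pid)
        print("\n".join(elg_tail_for_pid(ELG, pid)))
```

The PID must come from the snapshot taken while the process was still running, because the watchdog reports PID 0 once it is terminated.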
