Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Blason_R
Leader
Leader
Jump to solution

Log-server Disconnected

Hi Team,

 

I am facing this weird issue; I upgraded my hardware from 4000 series to 6000 series and upgraded versions as well. My management server was already upgarded and recently I upgraded hardware of firewall as well as version from R77.30 to R80.40.

 

However after upgradation my logs are completely stopped and here is I am getting in fwd.elg

[FWD 17769]@xxx-CPFW_02[3 Sep 10:36:30] 10:36:30: srv_disconnected: change xx.xx.10.2 status to Status ERROR description: Log-Server Disconnected
log_connected: connect to '192.168.10.2' failed
[FWD 17769]@xxx-CPFW_02[3 Sep 10:37:35] 10:37:35: srv_disconnected: change xx.xx.10.2 status to Status ERROR description: Log-Server Disconnected

Thanks and Regards,
Blason R
CCSA,CCSE,CCCS
0 Kudos
1 Solution

Accepted Solutions
Blason_R
Leader
Leader

Nah - I resolved on my own. This was an issue with $FWDIR/conf/masters file and I observed that attribute was changed to +i

I changed to -i and rebooted the gws

 

Thanks and Regards,
Blason R
CCSA,CCSE,CCCS

View solution in original post

8 Replies
Tal_Paz-Fridman
Employee
Employee

Hi

Perhaps this might help (even if the issue seems a bit different):

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

 

Basically, perform Install Database on the Security Management Server (Log Servers)

Otherwise contact TAC

Thanks

Blason_R
Leader
Leader

Nah - I resolved on my own. This was an issue with $FWDIR/conf/masters file and I observed that attribute was changed to +i

I changed to -i and rebooted the gws

 

Thanks and Regards,
Blason R
CCSA,CCSE,CCCS
the_rock
Legend
Legend

Would you mind please telling me what exact attribute that is? I have exact same errors in fwd.elg and logging is failing, but cant see any +i option in masters file...thanks in advance.

0 Kudos
Blason_R
Leader
Leader

May be it could be something else for you. But to check attribute

lsattr $FWDIR/conf/masters

Also if you can check what are the contents of masters file?

 

Thanks and Regards,
Blason R
CCSA,CCSE,CCCS
the_rock
Legend
Legend

I think you are probably right...below is what I get

 

lsattr $FWDIR/conf/masters
---------------- /opt/CPsuite-R81/fw1/conf/masters

0 Kudos
the_rock
Legend
Legend

Funny thing is, content was default mgmt name and logging was fine for a while, then it stopped with no changes...I ended up changing masters file to mgmt IP address in all fields and then logging started and worked for 2 weeks and then stopped again, so its a bit puzzling as to why this keeps happening.

0 Kudos
PhoneBoy
Admin
Admin

That’s the immutable flag, a file attribute at the OS level.
It prevents the file from being overwritten.
Which that file is on policy install: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

the_rock
Legend
Legend

Funny thing is, never had to do that sk before (at least from what I can remember), but followed it and also changed masters file to reflect mgmt IP and not the name and that worked. Whether that solution will last, remains to be seen : )

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events