Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Rahul_Borah
Contributor

Logs are not showing

Hi friends,

I am facing some issues with logs and monitor. logs are not showing in logs and monitor tab. Please find the attachment. Please share a solution if anyone has experience in the same issue.

R80.40

Regards,

RB

 

 

0 Kudos
4 Replies
Tal_Paz-Fridman
Employee
Employee

Hi,

A few basic questions/tests:

Is this on a system where you had logging before? Did anything change recently?

Check all logging (and other) processes are up and running [cpwd_admin list]

Check processes on Security Gateway sending logs (cpwd_admin list, cpstat fw -f log_connection)

 

Also, check these helpful SKs for troubleshooting logging issues:

Practical troubleshooting steps for logging issues - sk38848

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

 

Troubleshooting Check Point logging issues when Security Management Server / Log Server is not receiving logs from Security Gateway - sk40090

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

 

Tal

the_rock
Legend
Legend

I found in the past that what works is one of 2 below things (not always recommended, but they do work)

1- create a dummy duplicate cp host ( NOT regular host, but the one where it lets you choose it as logging server) and then once you save that, go to logs under firewall and add that new object as logging server (just give it same IP as actual mgmt object). Install database, push policy. If logging works, then leave it like that for 24 hours, then delete dummy object and revert back to old config.

2- edit $FWDIR/conf/masters file on affected gateway and change name in all 3 fileds to actual mgmt IP address reflected in dashboard object. Also, apply below sk:

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

 

Alternatively, please follow what @Tal_Paz-Fridman mentioned, those are all valid points.

 

Please update us on results.

 

Cheers,

Andy

BroadcastStorm
Explorer

Just solved a similar problem. The GW was transmitting logs to the management console but they were not displaying. We added the management console to the GW hosts file and the problem resolved. Perhaps the management console needs to be informed when it should review the log file - just a WAG.

0 Kudos
Duane_Toler
Advisor

I've seen this when the management server had 0 bytes free on the /var/log partition.  Check your local disk space.

Check if the gateways are sending logs:

netstat -nap |grep :257

cpstat mg -f log_server

 

If your management is behind NAT, do as @the_rock and @Tal_Paz-Fridman suggested.

 

 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events