This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Rahul_Borah
Contributor
‎2021-09-16 09:00 AM

Logs are not showing

Hi friends,

I am facing some issues with logs and monitor. logs are not showing in logs and monitor tab. Please find the attachment. Please share a solution if anyone has experience in the same issue.

R80.40

Regards,

RB

 

 

Preview file
125 KB
0 Kudos
2 Replies
Tal_Paz-Fridman
Employee
Employee
‎2021-09-16 09:43 AM

Hi,

A few basic questions/tests:

Is this on a system where you had logging before? Did anything change recently?

Check all logging (and other) processes are up and running [cpwd_admin list]

Check processes on Security Gateway sending logs (cpwd_admin list, cpstat fw -f log_connection)

 

Also, check these helpful SKs for troubleshooting logging issues:

Practical troubleshooting steps for logging issues - sk38848

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

 

Troubleshooting Check Point logging issues when Security Management Server / Log Server is not receiving logs from Security Gateway - sk40090

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

 

Tal

the_rock
Champion
Champion
‎2021-09-16 03:02 PM

I found in the past that what works is one of 2 below things (not always recommended, but they do work)

1- create a dummy duplicate cp host ( NOT regular host, but the one where it lets you choose it as logging server) and then once you save that, go to logs under firewall and add that new object as logging server (just give it same IP as actual mgmt object). Install database, push policy. If logging works, then leave it like that for 24 hours, then delete dummy object and revert back to old config.

2- edit $FWDIR/conf/masters file on affected gateway and change name in all 3 fileds to actual mgmt IP address reflected in dashboard object. Also, apply below sk:

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

 

Alternatively, please follow what @Tal_Paz-Fridman mentioned, those are all valid points.

 

Please update us on results.

 

Cheers,

Andy