Got one Check Point gateway not sending logs to server/manager.
Gateway running R80.10.
Some checks from this list:
Troubleshooting Check Point logging issues when Security Management Server / Log Server is not recei...
results:
2. not running out of disk space, other gateways successfully send logs
3. Log setting correct, same as for gateways that do send logs
4. SIC working
6.
-sh-3.1# netstat -anp | grep ":257"
tcp 0 0 0.0.0.0:257 0.0.0.0:* LISTEN 9971/fwd
8. No logs coming from particular gw to server/manager while checking with tcpdump on port 257
Checking on gateway with tcpdump, tcp port 257 is used, looking like this:
22:55:20.502921 IP 212.123.209.155.64684 > 10.44.5.250.set: S 2036222826:2036222826(0) win 5840 <mss 1460,sackOK,timestamp 39556535 0,nop,wscale 10>
22:55:35.505245 IP GatewayA.45059 > manager/server.set: S 671424545:671424545(0) win 5840 <mss 1460,sackOK,timestamp 39571537 0,nop,wscale 10>
22:55:50.508439 IP GatewayA.46031 > manager/server.set: S 2285159981:2285159981(0) win 5840 <mss 1460,sackOK,timestamp 39586541 0,nop,wscale 10>
22:56:05.510607 IP GatewayA.52013 > manager/server.set: S 2007497722:2007497722(0) win 5840 <mss 1460,sackOK,timestamp 39601543 0,nop,wscale 10>
22:56:20.513890 IP GatewayA.65038 > manager/server.set: S 2658388405:2658388405(0) win 5840 <mss 1460,sackOK,timestamp 39616546 0,nop,wscale 10>
22:56:35.516815 IP GatewayA.39510 > manager/server.set: S 35097244:35097244(0) win 5840 <mss 1460,sackOK,timestamp 39631549 0,nop,wscale 10>
22:56:50.519180 IP GatewayA.55705 > manager/server.set: S 838505804:838505804(0) win 5840 <mss 1460,sackOK,timestamp 39646551 0,nop,wscale 10>
22:57:05.521406 IP GatewayA.41441 > manager/server.set: S 3340929611:3340929611(0) win 5840 <mss 1460,sackOK,timestamp 39661554 0,nop,wscale 10>
10. Firewall on gw is indeed growing locally
checked with
# watch -d -n 2 "ls -l $FWDIR/log/fw.log"
11.
# cat $FWDIR/conf/masters
showing name of manager/server
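
An added example, not part of the original post: a small Python helper that reads tcpdump text in the old-style format shown under check 8 and reports flows where only SYN packets were captured and nothing came back in the return direction, together with the spacing between attempts. The host names gw-a, gw-b and mgmt and all sample packets are constructed for illustration.

```python
import re
from collections import defaultdict

# Old-style tcpdump text as in the post:
#   <time> IP <src>.<sport> > <dst>.<dport>: <flags> ...
# Ports may be numeric (tcpdump -n) or a service name such as "set" for 257.
PKT = re.compile(r"^(\d+):(\d+):([\d.]+) IP (\S+)\.([\w-]+) > (\S+)\.([\w-]+): (\S+)(.*)$")

# Constructed sample capture (hypothetical hosts gw-a, gw-b, mgmt).
SAMPLE = """\
10:00:00.000100 IP gw-a.40001 > mgmt.257: S 100:100(0) win 5840 <mss 1460>
10:00:05.000000 IP gw-b.40500 > mgmt.257: S 700:700(0) win 5840 <mss 1460>
10:00:05.000900 IP mgmt.257 > gw-b.40500: S 900:900(0) ack 701 win 5792 <mss 1460>
10:00:05.001000 IP gw-b.40500 > mgmt.257: . ack 901 win 6
10:00:15.002300 IP gw-a.40002 > mgmt.257: S 200:200(0) win 5840 <mss 1460>
10:00:30.004400 IP gw-a.40003 > mgmt.257: S 300:300(0) win 5840 <mss 1460>
"""

def parse(line):
    """Return one packet as a dict, or None if the line is not a TCP/IP line."""
    m = PKT.match(line.strip())
    if not m:
        return None
    h, mi, s, src, sport, dst, dport, flags, rest = m.groups()
    return {"t": int(h) * 3600 + int(mi) * 60 + float(s),
            "src": src, "sport": sport, "dst": dst, "dport": dport,
            # A bare SYN has flag "S" and no "ack" field; a SYN-ACK carries "ack".
            "syn_only": flags == "S" and " ack " not in rest}

def unanswered_syns(capture):
    """Map (src, dst, dport) -> SYN attempts that never saw a reverse packet."""
    pkts = [p for p in map(parse, capture.splitlines()) if p]
    # Every direction (host, port -> host, port) in which a packet was captured.
    seen = {(p["src"], p["sport"], p["dst"], p["dport"]) for p in pkts}
    flows = defaultdict(list)
    for p in pkts:
        reverse = (p["dst"], p["dport"], p["src"], p["sport"])
        if p["syn_only"] and reverse not in seen:
            flows[(p["src"], p["dst"], p["dport"])].append(p["t"])
    return {k: {"attempts": len(ts),
                "gaps_s": [round(b - a) for a, b in zip(ts, ts[1:])]}
            for k, ts in flows.items()}

if __name__ == "__main__":
    for (src, dst, dport), info in unanswered_syns(SAMPLE).items():
        print(f"{src} -> {dst}:{dport}  {info['attempts']} unanswered SYNs, "
              f"gaps {info['gaps_s']} s")
```

Running the same helper on captures taken at both the gateway and the manager/server for the same time window shows whether the SYNs leave one side and never arrive at the other.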