Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Chinmaya_Naik
Advisor

Mgmt Server Unable collect the logs from Gateway (R80.20)

Dear Team,

We unable to received logs from gateway.

Step Taken till:

1) Verify using SmartConsole that Log Server Connected and connection stat is OK
2) Verify using CLI of active gateway that gateway is reporting logs as defined
3) Verify using CLI (gateway)that logs are written to log server
4) Run the tcpdump to check the connectivity
5) Check the master file ($FWDIR/conf) in gateway to re-verify that Log Server is define
6) Checked in MGMT Server and find 257 port is LISTEN and established with both gateways
7) Check the standby Mgmt Server to check the log file but not have

Finally after restart the services of Mgmt Server and able to see the logs

Now we observed that after some hours again we unable to saw the logs from gateways.

We unable to find the logs from gateway or Mgmt Server ($FWDIR/log) then where is the logs file ?

Service Restart is temporary solution

Kindly help.

Regards

@Chinmaya_Naik 

0 Kudos
3 Replies
Timothy_Hall
Legend Legend
Legend

If you run the old SmartView Tracker (CPlgv.exe) can you see all the logs all the time, even when they aren't appearing on the Logs & Monitor tab of SmartConsole?  If so that indicates a log indexing issue which can have many causes.

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
0 Kudos
Chinmaya_Naik
Advisor

Hi @Timothy_Hall 

Thanks for the update.

I am not yet check in legacy Smartview Tracker but the main concern is first I am unable to see the any increment of logs file (ls -lh $FWDIR/log/*.log)  in both gateway and Mgmt.

Once I done service restart then able to see the increment of logs size and also view the logs from smartconsole (Logs &Monitor).

I also try to disable and enable the Log Indexing. 

Still from last 2 days I am unable to find the logs after service restart now I see current logs only not OLD logs.

 

Regards

@Chinmaya_Naik 

0 Kudos
Chinmaya_Naik
Advisor

Hi Checkmates,

Just a few query on this issue:

Lets suppose the Gateway is sending the logs to the Mgmt Server but Mgmt Server Service having some issue so the Mgmt unable to store the logs in $FWDIR/log directory.

Now if this a service issue then where the logs should store ?

Because on our case Gateway is not having any issue and Mgmt unable to store the logs , when we did service restart then we able saw the new logs immediately but no information about the old logs.

Checkpoint should have some feature to handle this kind of situation because we loss the nearly two days logs.

Its seem to be checkpoint issue because after Mgmt Server service restart only its working fine ,  sometime that might be the reason that packet will drop on switch or router level  but not happen in our case. 

Kindly suggest:

 

Regards

@Chinmaya_Naik 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events