Justin_Hickey
Collaborator

No Traffic Logs after Take 121 + Smack Update

I upgraded my management station, my log server and my two prod 23500s with the Take 121 and Smack Updates and now I no longer receive traffic logs. From the firewall I get these errors.  

[Expert@CP-PROD-02:0]# fw log
Error in loading unification scheme

tail -f /opt/CPsuite-R80/fw1/log/fwd.elg

CKlogUnifier::buffToUniFragment: error: unifier has not completed initialization yet
FwKluProcessLogEx: fail to convert klog buffer to unified fragment

Other firewalls not upgraded still send and show traffic logs. 

1 Solution

Accepted Solutions
Justin_Hickey
Collaborator

So, went back over everything and got it working. Replacing the log_unification_scheme.C file was the fix. The problem is I didn't set the permissions properly after replacing the file. So, cpstop, upload the file, chmod 770, cpstart. The file I am using that is working has a date of 12/14/2017 12:29PM and is 16KB in size. The files I replaced were missing some sections. No idea why.

Support had never seen this problem on a gateway before, only a management station. Anyway, case closed. 


0 Kudos
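
A pre-start check for the fix described above, as an added example that is not part of the original post and not Check Point tooling: it confirms the replaced file has mode 770 and is byte-identical to a known-good copy before `cpstart` is run. The function name and both paths are assumptions supplied by the caller.

```shell
#!/bin/bash
# Added example: run between "upload the file" and "cpstart".
# The paths are arguments; no Check Point path is assumed here.

# check_scheme_file CANDIDATE REFERENCE [MODE]
# Prints one line per problem and returns the number of problems found.
check_scheme_file() {
    candidate=$1 reference=$2 want_mode=${3:-770}
    problems=0

    if [ ! -f "$candidate" ]; then
        echo "MISSING: $candidate"
        return 1
    fi

    # Permissions: the replacement only took effect after chmod 770.
    have_mode=$(stat -c '%a' "$candidate")
    if [ "$have_mode" != "$want_mode" ]; then
        echo "MODE: $candidate is $have_mode, expected $want_mode"
        problems=$((problems + 1))
    fi

    # Content: a copy that is missing sections differs from the working file.
    if [ ! -f "$reference" ]; then
        echo "NOREF: known-good copy $reference not found"
        problems=$((problems + 1))
    elif ! cmp -s "$candidate" "$reference"; then
        echo "CONTENT: $candidate ($(wc -c < "$candidate") bytes) differs from" \
             "$reference ($(wc -c < "$reference") bytes)"
        problems=$((problems + 1))
    fi

    return "$problems"
}

# Stand-alone use: script.sh CANDIDATE REFERENCE [MODE]
if [ "$#" -ge 2 ]; then
    check_scheme_file "$@"
fi
```

A return value of 0 means the file is ready; any other value is the number of problems to fix before starting services.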
10 Replies
G_W_Albrecht
Legend

Looks like the error from sk106391 - did you try the procedure from the sk yet?

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
Justin_Hickey
Collaborator

Thanks but that is from the management server. This error is happening on the gateway.

0 Kudos
Justin_Hickey
Collaborator

Just to add some more, bizarre info: 

The firewalls are sending some non-traffic related logs. Identity Awareness, Virus/Bot traffic, etc., just no traffic logs.

Thanks,

Justin 

0 Kudos
PhoneBoy
Admin

I recommend engaging with the TAC so we can look into this.

Justin_Hickey
Collaborator

Thanks, I do have a case open. Was escalated to the high end team. They suggested I try to replace the log_unification.C file with one from before take 121. That didn't work.

0 Kudos
Justin_Hickey
Collaborator

The only time the logging works now is when I go back to the original release of R80.10. If I apply any fix packs, device logging breaks and an fw log command returns the below error.

[Expert@CP-PROD-02:0]# fw log
Error in loading unification scheme

So now I have the unfortunate option of running without logs or running without fix packs.

0 Kudos
Justin_Hickey
Collaborator

Just an update, there is some indication this problem is tied to the original .iso build 421. If you used that build I'd recommend staying away from Take 121 for now.

Testing this theory now, more to come.

0 Kudos
Justin_Hickey
Collaborator

I rebuilt one of the less important firewalls with .iso build T462. I was able to patch up to the latest version while logging continued to function. I don't know if the simple rebuild fixed my issue or if the root cause is related to build 421. 

0 Kudos
Justin_Hickey
Collaborator

Support has told me they can do no more for me. The fix is for me to manually rebuild 6 gateways. I've done this. The problem persists on 3 of the 6 gateways. 

Justin

0 Kudos