This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Justin_Hickey
Collaborator
‎2018-10-22 06:33 AM
Jump to solution

No Traffic Logs after Take 121 + Smack Update

I upgraded my management station, my log server and my two prod 23500s with the Take 121 and Smack Updates and now I no longer receive traffic logs. From the firewall I get these errors.  

[Expert@CP-PROD-02:0]# fw log
Error in loading unification scheme

tail -f /opt/CPsuite-R80/fw1/log/fwd.elg

CKlogUnifier::buffToUniFragment: error: unifier has not completed initialization yet
FwKluProcessLogEx: fail to convert klog buffer to unified fragment

Other firewalls not upgraded still send and show traffic logs. 

1 Solution

Accepted Solutions
Justin_Hickey
Collaborator
‎2018-11-15 05:51 AM
Jump to solution

So, went back over everything and got it working. Replacing the log_unification_scheme.C file was the fix. The problem is I didnt set the permissions properly after replacing the file. So, cpstop, upload the file, chmod 770, cpstart . The file I am using that is working has a date of 12/14/2017 12:29PM and is 16KB in size. The files I replaced were missing some sections. No idea why. 

Support had never seen this problem on a gateway before, only a management station. Anyway, case closed. 

View solution in original post

0 Kudos
10 Replies
G_W_Albrecht
MVP Silver
MVP Silver
‎2018-10-22 06:43 AM
Jump to solution

Looks like the error from sk106391 - did you try the procedure from the sk yet ?

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
Justin_Hickey
Collaborator
‎2018-10-22 07:19 AM
Jump to solution

Thanks but that is from the management server. This error is happening on the gateway.

0 Kudos
Justin_Hickey
Collaborator
‎2018-10-22 11:37 AM
In response to Justin_Hickey
Jump to solution

Just to add some more, bizarre info: 

The firewalls are sending some non-traffic related logs. Identity Awareness , Virus/Bot traffic , etc, just no traffic logs.  

Thanks,

Justin 

0 Kudos
PhoneBoy
Admin
Admin
‎2018-10-22 02:18 PM
Jump to solution

I recommend engaging with the TAC so we can look into this.

Justin_Hickey
Collaborator
‎2018-10-23 09:30 AM
In response to PhoneBoy
Jump to solution

Thanks, I do have a case open. Was escalated to the high end team. They suggested I try to replace the log_unification.C file with one from before take 121. That didn't work.

0 Kudos
Justin_Hickey
Collaborator
‎2018-10-23 11:37 AM
Jump to solution

The only time the logging works now is when i got back to the original release of R80.10 . If I apply any fix packs device logging breaks and an fw log command returns the below error.

[Expert@CP-PROD-02:0]# fw log
Error in loading unification scheme

So now I have the unfortunate option of running without logs or running without fix packs.

0 Kudos
Justin_Hickey
Collaborator
‎2018-10-26 10:37 AM
Jump to solution

Just an update, there is some indication this problem is tied to the original .iso build 421 . If you used that build I'd recommend staying away from Take 121 for now. 


Testing this theory now, more to come. 

0 Kudos
Justin_Hickey
Collaborator
‎2018-11-05 08:42 AM
Jump to solution

I rebuilt one of the less important firewalls with .iso build T462. I was able to patch up to the latest version while logging continued to function. I don't know if the simple rebuild fixed my issue or if the root cause is related to build 421. 

0 Kudos
Justin_Hickey
Collaborator
‎2018-11-08 07:46 AM
Jump to solution

Support has told me they can do no more for me. The fix is for me to manually rebuild 6 gateways. I've done this. The problem persists on 3 of the 6 gateways. 

Justin

0 Kudos
Justin_Hickey
Collaborator
‎2018-11-15 05:51 AM
Jump to solution

So, went back over everything and got it working. Replacing the log_unification_scheme.C file was the fix. The problem is I didnt set the permissions properly after replacing the file. So, cpstop, upload the file, chmod 770, cpstart . The file I am using that is working has a date of 12/14/2017 12:29PM and is 16KB in size. The files I replaced were missing some sections. No idea why. 

Support had never seen this problem on a gateway before, only a management station. Anyway, case closed. 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events