This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
AlejandroH
Employee
Employee
‎2020-06-23 05:18 PM

No logging from Access Control policy

R80.40 JHF 48  on GW and Mgmt

Created a policy using inline app/URLF rules.  I get logging on all the app/URLF rules but no other rules in the access control policy log.  Has anyone seen this behavior before?

0 Kudos
9 Replies
AlejandroH
Employee
Employee
‎2020-06-23 05:19 PM

Before anyone ask, yes, tracking is set to Log on the rule I want to get logs on.
0 Kudos
Timothy_Hall
MVP Gold
MVP Gold
‎2020-06-24 10:05 AM
In response to AlejandroH

Can you see more than just the APCL/URLF logs if you fire up the old SmartView Tracker (CPlgv.exe) and look at the logs that way?  If they are there that indicates some kind of log indexing problem.  If the additional logs are not present in the Tracker that indicates some kind of policy configuration issue.

Gaia 4.18 (R82) Immersion Tips, Tricks, & Best Practices Video Course
Now Available at https://shadowpeak.com/gaia4-18-immersion-course
0 Kudos
AlejandroH
Employee
Employee
‎2020-06-24 10:56 AM
In response to Timothy_Hall

@Timothy_Hall  I went into SmartView and the logs are in there.  Looks like an indexing problem.  Now to find an SK to fix that.  Thank you for the bread crumbs!

0 Kudos
Timothy_Hall
MVP Gold
MVP Gold
‎2020-06-24 05:32 PM
In response to AlejandroH

OK if you could post a follow-up with the solution that would be great, there seems to be many different ways for this to happen.

Gaia 4.18 (R82) Immersion Tips, Tricks, & Best Practices Video Course
Now Available at https://shadowpeak.com/gaia4-18-immersion-course
0 Kudos
PhoneBoy
Admin
Admin
‎2020-06-24 09:22 PM
In response to AlejandroH

What is the hardware configuration of your management?
If it's under spec, Log Indexing is disabled by default.
It can also be manually disabled in the SmartConsole object as well.
0 Kudos
AlejandroH
Employee
Employee
‎2020-06-25 08:23 AM
In response to PhoneBoy

Turning on indexing did not resolve the issue but I did find that if I open a log file, I can see all the logs.  I am surprised I would need to do that.  Have either of you seen that?

 

0 Kudos
Alex-
MVP Silver
MVP Silver
‎2020-06-25 11:25 AM
In response to AlejandroH

I've had this issue after upgrading a management station to R80.30. No logs from the security blade, only TP, solved after File --> Open fw.log. Logs were visible continuously after that.

0 Kudos
AlejandroH
Employee
Employee
‎2020-06-25 12:44 PM
In response to Alex-

Same here.  Now I am trying to see if I can force that file to be the default.

0 Kudos
AlejandroH
Employee
Employee
‎2020-07-06 12:02 PM
In response to AlejandroH

@Timothy_Hall and @PhoneBoy 

After some looking up, I found that the logs exist but I have to open the log for the day I would like to get from:

7-6-2020 2-58-31 PM.jpg

 
 

There doesn't seem to be a way to make this behavior by default.  Any ideas?

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events