This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
AlejandroH
Ambassador
Ambassador
‎2020-06-23 05:18 PM

No logging from Access Control policy

R80.40 JHF 48  on GW and Mgmt

Created a policy using inline app/URLF rules.  I get logging on all the app/URLF rules but no other rules in the access control policy log.  Has anyone seen this behavior before?

0 Kudos
9 Replies
AlejandroH
Ambassador
Ambassador
‎2020-06-23 05:19 PM

Before anyone ask, yes, tracking is set to Log on the rule I want to get logs on.
0 Kudos
Timothy_Hall
Legend Legend
Legend
‎2020-06-24 10:05 AM
In response to AlejandroH

Can you see more than just the APCL/URLF logs if you fire up the old SmartView Tracker (CPlgv.exe) and look at the logs that way?  If they are there that indicates some kind of log indexing problem.  If the additional logs are not present in the Tracker that indicates some kind of policy configuration issue.

Attend my online "Be your Own TAC: Part Deux" CheckMates event
March 27th with sessions for both the EMEA and Americas time zones
0 Kudos
AlejandroH
Ambassador
Ambassador
‎2020-06-24 10:56 AM
In response to Timothy_Hall

@Timothy_Hall  I went into SmartView and the logs are in there.  Looks like an indexing problem.  Now to find an SK to fix that.  Thank you for the bread crumbs!

0 Kudos
Timothy_Hall
Legend Legend
Legend
‎2020-06-24 05:32 PM
In response to AlejandroH

OK if you could post a follow-up with the solution that would be great, there seems to be many different ways for this to happen.

Attend my online "Be your Own TAC: Part Deux" CheckMates event
March 27th with sessions for both the EMEA and Americas time zones
0 Kudos
PhoneBoy
Admin
Admin
‎2020-06-24 09:22 PM
In response to AlejandroH

What is the hardware configuration of your management?
If it's under spec, Log Indexing is disabled by default.
It can also be manually disabled in the SmartConsole object as well.
0 Kudos
AlejandroH
Ambassador
Ambassador
‎2020-06-25 08:23 AM
In response to PhoneBoy

Turning on indexing did not resolve the issue but I did find that if I open a log file, I can see all the logs.  I am surprised I would need to do that.  Have either of you seen that?

 

0 Kudos
Alex-
Leader Leader
Leader
‎2020-06-25 11:25 AM
In response to AlejandroH

I've had this issue after upgrading a management station to R80.30. No logs from the security blade, only TP, solved after File --> Open fw.log. Logs were visible continuously after that.

0 Kudos
AlejandroH
Ambassador
Ambassador
‎2020-06-25 12:44 PM
In response to Alex-

Same here.  Now I am trying to see if I can force that file to be the default.

0 Kudos
AlejandroH
Ambassador
Ambassador
‎2020-07-06 12:02 PM
In response to AlejandroH

@Timothy_Hall and @PhoneBoy 

After some looking up, I found that the logs exist but I have to open the log for the day I would like to get from:

7-6-2020 2-58-31 PM.jpg

 
 

There doesn't seem to be a way to make this behavior by default.  Any ideas?

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events