This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Rodion_Vorobev
Participant
‎2018-10-03 02:59 AM
Jump to solution

No logs displayed in Smart-1 Appliance

Hi.

I have some trouble with logging. We have 1 Cluster 5800 and Smart-1 405 Appliance(all 80.10) .

It was every ting Ok, but tomorrow there was no logs in logs and monitor pane.

Logs from FWs comes and stores on Smart-1 405 Appliance normally online.

We try to revert to day-after snapshot, but there is no result.

Could you help?

CPSC405> cpstat mg -f log_server

Log Receive Rate:                 1
Log Receive Rate Peak:            114
Log Receive Rate Last 10 Minutes: 42
Log Receive Rate Last Hour:       50


Log Server Connected Gateways
---------------------------------------------------------------------
|Name          |State    |Last Login Time          |Log Receive Rate|
---------------------------------------------------------------------
|Local Clients |Connected|N/A                      |               0|
|FW-30-CP5800-2|Connected|Wed Oct  3 09:56:49 2018
|               0|
|FW-30-CP5800-1|Connected|Wed Oct  3 09:56:49 2018
|               1|
---------------------------------------------------------------------


30-CPSC405> cpstat mg -f indexer                                               
Total Read Logs:                       468708
Total Updates and Logs Indexed:        2343510
Total Read Logs Errors:                0
Total Updates and Logs Indexed Errors: 2349510
Updates and Logs Indexed Rate:         17
Read Logs Rate:                        4
Updates and Logs Indexed Rate (10min): 211
Read Logs Rate (10min):                42
Updates and Logs Indexed Rate (60min): 250
Read Logs Rate (60min):                50
Updates and Logs Indexed Rate Peak:    1952
Read Logs Rate Peak:                   515
Read Logs Delay:                       0

nologs.PNG
Preview file
57 KB
fw logs.jpg
Preview file
86 KB
0 Kudos
1 Solution

Accepted Solutions
JozkoMrkvicka
Authority
Authority
‎2018-10-04 10:54 AM
In response to Rodion_Vorobev
Jump to solution

And what about to install the latest jumbo hotfix for R80.10 ?

Also, try to install the latest R80.10 SmartConsole Build 073 if you dont have it already.

Kind regards,
Jozko Mrkvicka

View solution in original post

7 Replies
PhoneBoy
Admin
Admin
‎2018-10-03 07:17 PM
Jump to solution

I'm curious if the Smart-1 is actually receiving logs and you're just not seeing them.

A quick way to check is to issue the command fw log from the CLI.

If you see logs there but not in SmartConsole, it's probably worth a TAC ticket.

Otherwise, have a look at this SK for additional troubleshooting: Troubleshooting Check Point logging issues when Security Management Server / Log Server is not recei... 

Rodion_Vorobev
Participant
‎2018-10-03 11:54 PM
In response to PhoneBoy
Jump to solution

I have  checked receiving logs already, they are  receiving and  storing normally.  ( I put to this case screenshot)

I see a lot of indexing errors.

Any ideas?

0 Kudos
JozkoMrkvicka
Authority
Authority
‎2018-10-04 02:22 AM
In response to Rodion_Vorobev
Jump to solution

cpstop;cpstart on management? It may be that gateway will start logging locally, so have a look after that.

Or maybe just turn off logging and turn it back again will help.

Kind regards,
Jozko Mrkvicka
Rodion_Vorobev
Participant
‎2018-10-04 04:05 AM
In response to JozkoMrkvicka
Jump to solution

Nice idea.

I tried step by step:

1. disable smart Event blade on management.

2. Install DB

3. cpstart/cpstop -

Not Help

4. Disable Indexing

5. Install DB

6. cpstart/cpstop

Bingo but very slow. And not real time - one hour before.

I Think indexer working not correctly. There is no any sk about it.

0 Kudos
_Val_
Admin
Admin
‎2018-10-04 06:09 AM
In response to Rodion_Vorobev
Jump to solution

I think it is a good time to open a support request so TAC could investigate further and help you

0 Kudos
JozkoMrkvicka
Authority
Authority
‎2018-10-04 10:54 AM
In response to Rodion_Vorobev
Jump to solution

And what about to install the latest jumbo hotfix for R80.10 ?

Also, try to install the latest R80.10 SmartConsole Build 073 if you dont have it already.

Kind regards,
Jozko Mrkvicka

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events
    Top