TechTalk:
New MITRE ATT&CK Extension
May The Fourth
CloudMates Live Show
CheckMates Go
Cyber Security Podcast
Check Point Named in Gartner Market
Guide for Mobile Threat Defense 2021
End of Support Policy Update
For R80.10 Release
Hi.
I have some trouble with logging. We have 1 Cluster 5800 and Smart-1 405 Appliance(all 80.10) .
It was every ting Ok, but tomorrow there was no logs in logs and monitor pane.
Logs from FWs comes and stores on Smart-1 405 Appliance normally online.
We try to revert to day-after snapshot, but there is no result.
Could you help?
CPSC405> cpstat mg -f log_server
Log Receive Rate: 1
Log Receive Rate Peak: 114
Log Receive Rate Last 10 Minutes: 42
Log Receive Rate Last Hour: 50
Log Server Connected Gateways
---------------------------------------------------------------------
|Name |State |Last Login Time |Log Receive Rate|
---------------------------------------------------------------------
|Local Clients |Connected|N/A | 0|
|FW-30-CP5800-2|Connected|Wed Oct 3 09:56:49 2018
| 0|
|FW-30-CP5800-1|Connected|Wed Oct 3 09:56:49 2018
| 1|
---------------------------------------------------------------------
30-CPSC405> cpstat mg -f indexer
Total Read Logs: 468708
Total Updates and Logs Indexed: 2343510
Total Read Logs Errors: 0
Total Updates and Logs Indexed Errors: 2349510
Updates and Logs Indexed Rate: 17
Read Logs Rate: 4
Updates and Logs Indexed Rate (10min): 211
Read Logs Rate (10min): 42
Updates and Logs Indexed Rate (60min): 250
Read Logs Rate (60min): 50
Updates and Logs Indexed Rate Peak: 1952
Read Logs Rate Peak: 515
Read Logs Delay: 0
JozkoMrkvicka
And what about to install the latest jumbo hotfix for R80.10 ?
Also, try to install the latest R80.10 SmartConsole Build 073 if you dont have it already.
PhoneBoy
I'm curious if the Smart-1 is actually receiving logs and you're just not seeing them.
A quick way to check is to issue the command fw log from the CLI.
If you see logs there but not in SmartConsole, it's probably worth a TAC ticket.
Otherwise, have a look at this SK for additional troubleshooting: Troubleshooting Check Point logging issues when Security Management Server / Log Server is not recei...
I have checked receiving logs already, they are receiving and storing normally. ( I put to this case screenshot)
I see a lot of indexing errors.
Any ideas?
JozkoMrkvicka
cpstop;cpstart on management? It may be that gateway will start logging locally, so have a look after that.
Or maybe just turn off logging and turn it back again will help.
Nice idea.
I tried step by step:
1. disable smart Event blade on management.
2. Install DB
3. cpstart/cpstop -
Not Help
4. Disable Indexing
5. Install DB
6. cpstart/cpstop
Bingo but very slow. And not real time - one hour before.
I Think indexer working not correctly. There is no any sk about it.
_Val_
I think it is a good time to open a support request so TAC could investigate further and help you
JozkoMrkvicka
And what about to install the latest jumbo hotfix for R80.10 ?
Also, try to install the latest R80.10 SmartConsole Build 073 if you dont have it already.
Thank You. It helps.
About CheckMates
Learn Check Point
Advanced Learning
WELCOME TO THE FUTURE OF CYBER SECURITY
