This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Rodion_Vorobev
Participant
‎2018-10-03 02:59 AM
Jump to solution

No logs displayed in Smart-1 Appliance

Hi.

I have some trouble with logging. We have 1 Cluster 5800 and Smart-1 405 Appliance(all 80.10) .

It was every ting Ok, but tomorrow there was no logs in logs and monitor pane.

Logs from FWs comes and stores on Smart-1 405 Appliance normally online.

We try to revert to day-after snapshot, but there is no result.

Could you help?

CPSC405> cpstat mg -f log_server

Log Receive Rate:                 1
Log Receive Rate Peak:            114
Log Receive Rate Last 10 Minutes: 42
Log Receive Rate Last Hour:       50


Log Server Connected Gateways
---------------------------------------------------------------------
|Name          |State    |Last Login Time          |Log Receive Rate|
---------------------------------------------------------------------
|Local Clients |Connected|N/A                      |               0|
|FW-30-CP5800-2|Connected|Wed Oct  3 09:56:49 2018
|               0|
|FW-30-CP5800-1|Connected|Wed Oct  3 09:56:49 2018
|               1|
---------------------------------------------------------------------


30-CPSC405> cpstat mg -f indexer                                               
Total Read Logs:                       468708
Total Updates and Logs Indexed:        2343510
Total Read Logs Errors:                0
Total Updates and Logs Indexed Errors: 2349510
Updates and Logs Indexed Rate:         17
Read Logs Rate:                        4
Updates and Logs Indexed Rate (10min): 211
Read Logs Rate (10min):                42
Updates and Logs Indexed Rate (60min): 250
Read Logs Rate (60min):                50
Updates and Logs Indexed Rate Peak:    1952
Read Logs Rate Peak:                   515
Read Logs Delay:                       0

Preview file
57 KB
Preview file
86 KB
0 Kudos
1 Solution

Accepted Solutions
JozkoMrkvicka
Mentor
Mentor
‎2018-10-04 10:54 AM
In response to Rodion_Vorobev
Jump to solution

And what about to install the latest jumbo hotfix for R80.10 ?

Also, try to install the latest R80.10 SmartConsole Build 073 if you dont have it already.

Kind regards,
Jozko Mrkvicka

View solution in original post

7 Replies
PhoneBoy
Admin
Admin
‎2018-10-03 07:17 PM
Jump to solution

I'm curious if the Smart-1 is actually receiving logs and you're just not seeing them.

A quick way to check is to issue the command fw log from the CLI.

If you see logs there but not in SmartConsole, it's probably worth a TAC ticket.

Otherwise, have a look at this SK for additional troubleshooting: Troubleshooting Check Point logging issues when Security Management Server / Log Server is not recei... 

Rodion_Vorobev
Participant
‎2018-10-03 11:54 PM
In response to PhoneBoy
Jump to solution

I have  checked receiving logs already, they are  receiving and  storing normally.  ( I put to this case screenshot)

I see a lot of indexing errors.

Any ideas?

0 Kudos
JozkoMrkvicka
Mentor
Mentor
‎2018-10-04 02:22 AM
In response to Rodion_Vorobev
Jump to solution

cpstop;cpstart on management? It may be that gateway will start logging locally, so have a look after that.

Or maybe just turn off logging and turn it back again will help.

Kind regards,
Jozko Mrkvicka
Rodion_Vorobev
Participant
‎2018-10-04 04:05 AM
In response to JozkoMrkvicka
Jump to solution

Nice idea.

I tried step by step:

1. disable smart Event blade on management.

2. Install DB

3. cpstart/cpstop -

Not Help

4. Disable Indexing

5. Install DB

6. cpstart/cpstop

Bingo but very slow. And not real time - one hour before.

I Think indexer working not correctly. There is no any sk about it.

0 Kudos
_Val_
Admin
Admin
‎2018-10-04 06:09 AM
In response to Rodion_Vorobev
Jump to solution

I think it is a good time to open a support request so TAC could investigate further and help you

0 Kudos
JozkoMrkvicka
Mentor
Mentor
‎2018-10-04 10:54 AM
In response to Rodion_Vorobev
Jump to solution

And what about to install the latest jumbo hotfix for R80.10 ?

Also, try to install the latest R80.10 SmartConsole Build 073 if you dont have it already.

Kind regards,
Jozko Mrkvicka
Rodion_Vorobev
Participant
‎2018-10-10 10:55 PM
In response to JozkoMrkvicka
Jump to solution

Thank You. It helps.