This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Matlu
Advisor
‎2025-05-23 04:14 PM

Problems with the SmartEvent and its data.

Hello, Mates

I have an MDS and VSX environment. Currently we have a problem with our SmartEvent, because the equipment is not generating reports, and it is not showing results, when we enter the “Logs&Monitor” section and go to the “General Overview” section, it DOES NOT SHOW ANY DATA, and when we try to generate reports, the reports appear blank.

We have restarted the processes with cpstop; cpstart ... we have restarted with evstop; evstart ... we have restarted the whole box, and the problem remains.

Are there any recommendations to solve this problem?

Why does the LOG SERVER port normally send the events to a SmartEvent?
Can this be validated by a tcpdump?
Is it possible to validate if there is a connection between the members of a VSX Cluster and the SmartEvent of the environment?

Thanks for your comments.

0 Kudos
14 Replies
the_rock
Legend
Legend
‎2025-05-24 04:42 AM

Ola bro,

Well, you can do tcpdump on port 257 to check the logging part, but also fw monitor to verify the actual connectivity.

Andy

0 Kudos
Amir_Senn
Employee
Employee
‎2025-05-24 06:04 AM

Can you try to access the views/reports from the SmartView webapp?

https://<MGMT/log_server_IP>/smartview

Login with SmartConsole cred.

Kind regards, Amir Senn
0 Kudos
(1)
Matlu
Advisor
‎2025-05-24 09:33 AM
In response to Amir_Senn

Hello. @Amir_Senn 

I have entered the IP of my SmartEvent, through a browser like Edge, and I have no problems to observe data there, only the detail is that from the browser, I am not able to “choose” a particular CMA, as it seems that this way of accessing is “concentrated” in the SmartEvent box as such, and what I want, is to generate reports of certain specific CMA.

SME2.jpg

Thank you.

0 Kudos
the_rock
Legend
Legend
‎2025-05-24 10:11 AM
In response to Matlu

Hey bro,

As @Wolfgang asked, are there any logs at all in Smart Event?

Andy

0 Kudos
Wolfgang
Authority
Authority
‎2025-05-24 08:23 AM

@Matlu First of all, did you get any logs from your gateways ?

Did you followed the special procedure to install a dedicated Smart-Event server for your Multi-Domain-Environment ?

Connecting R81.20 SmartEvent to R81.20 Multi-Domain Server

 

0 Kudos
Matlu
Advisor
‎2025-05-24 09:26 AM
In response to Wolfgang

Hello, @Wolfgang 

It really is a legacy architecture.
This was working fine, but for some reason, it has started to fail.
In the SmartConsole, yes I am getting real time logs, on all my CMAs.
The only thing is the report generation and the ability to see statistical data, for example when you open the “General Overview” tab.

SME1.jpg

We enter the MDS, then jump to the CMA we need, and when we access the CMA and go to the “Logs & Monitor” section, is where we have the problem that we do not visualize ANYTHING, and therefore the reports do not work.

Any idea how to “repair” this?

I've already restarted SmartEvent, thinking it's a problem with SmartEvent repeatedly, but I still can't fix it.

0 Kudos
Amir_Senn
Employee
Employee
‎2025-05-25 12:58 AM
In response to Matlu

Have you tried to review the definitions in SmartEvent GUI?

Kind regards, Amir Senn
0 Kudos
_Val_
Admin
Admin
‎2025-05-25 11:38 PM
In response to Matlu

It seems like a TAC case is warranted here. Please reach out to support.

0 Kudos
the_rock
Legend
Legend
‎2025-05-24 04:18 PM

I found a note buddy from few years ago where client fixed issue like this by unchecking smart event blade, install database, recheck, install database again.

Have you tried that?

Andy

0 Kudos
Matlu
Advisor
‎2025-05-24 04:34 PM
In response to the_rock

I haven't tried that yet.

I've been reviewing documents, and I found this one from Check Point

https://support.checkpoint.com/results/sk/sk93970#SmartEvent%20Common%20Issues

Is it mandatory that in the command “cpwd_admin list” the dbsync and SVRserver processes appear in the list ?

SME3.jpg

It is the only thing that I can't see when I throw the command in the SmartEvent CLI.

0 Kudos
the_rock
Legend
Legend
‎2025-05-24 05:02 PM
In response to Matlu

I cant say as I dont have my lab access for another week to check, but everything shows as started.

Andy

0 Kudos
the_rock
Legend
Legend
‎2025-05-25 09:46 AM
In response to Matlu

I would still give a try what I suggested, it cant make it worse.

Andy

0 Kudos
_Val_
Admin
Admin
‎2025-05-25 11:41 PM
In response to Matlu

The only thing you should look for in your "cpwd_admin list" output is an entry where START is either 0 or more than 1. That would indicate a failing process. Can you print your real output and not a screenshot from the SK?

0 Kudos
Matlu
Advisor
‎2025-05-25 11:46 PM
In response to _Val_

Hello,
This is the actual output of the command on my device.

SME4.jpg

There are 2 processes that concern me, according to the link I shared in my previous post, these are the processes dbsync and SVRserver.
In my output I don't see those processes and I'm not sure, if the result is correct.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events