Create a Post
Showing results for 
Search instead for 
Did you mean: 

R80.20 Log Management have problems with display properly

I have problems with Log Server R80.20 as screenshot. Please guide me how I can fix this issue.


0 Kudos
3 Replies
Champion Champion

Please run the latest Health Check and ccc script and show us their output. Thanks!

0 Kudos

Thanks for your reply

Here is my output:

| Physical System Checks |
| Category | Title | Result |
| System | Uptime | INFO |
| | OS Version | OK |
| NTP | NTP Daemon | WARNING |
| Disk Space | Free Disk Space | OK |
| Memory | Physical Memory | OK |
| | Swap Memory | OK |
| CPU | CPU idle% | OK |
| | CPU user% | OK |
| | CPU system% | OK |
| | CPU wait% | OK |
| | CPU interrupt% | OK |
| Interface Stats | RX Errors | OK |
| | RX Drops | OK |
| | RX Missed Errors | OK |
| | RX Overruns | OK |
| | TX Errors | OK |
| | TX Drops | OK |
| | TX Carrier Errors | OK |
| | TX Overruns | OK |
| Misc. Messages | Known Issues in Logs | OK |
| Processes | Zombie Processes | WARNING |
| | Process Restarts | OK |
| Core Files | Usermode Cores Present | WARNING |
| | Kernel Cores Present | OK |
| Check Point | CPInfo Build Number | OK |
| | CPUSE Build Number | OK |
| Debugs | Active tcpdump | OK |
| | Active Debug Processes | OK |
| | CPM Debugs | OK |
| | TDERROR Configured | OK |

# Health Check Summary Report #

| System |
Uptime Check Info:
The system has been rebooted within the last week.
Please review "/var/log/messages" files (if they have not rolled over) if the system was not manually rebooted.

| NTP |
NTP Daemon: Unable to talk to the NTP daemon.

NTP Information:
Please use sk92602 and sk83820 for assistance with verifying NTP is configured and functioning properly.

| Processes |
1 zombie processes found.
5126 [] <defunct>

| Core Files |
Usermode Cores:
-rw-rw---- 1 admin root 9.3M Mar 5 15:49 CPMUSER.10147.20190305.154414.tar.gz
-rw-r--r-- 1 admin root 8.0M Feb 28 13:54 fwm.4782.core.gz
-rw-r--r-- 1 admin root 33M Mar 5 21:50 log_indexer.11071.core.gz
-rw-r--r-- 1 admin root 33M Mar 5 21:52 log_indexer.11473.core.gz
-rw-r--r-- 1 admin root 12M Feb 28 13:48 smartlog_server.13729.core.gz
-rw-r--r-- 1 admin root 11M Feb 27 13:11 smartlog_server.5366.core.gz

Core files detected on this system.
Please upload the following to Check Point for analysis:
-Current cpinfo from this system
-Usermode core files from /var/log/dump/usermode/

# Output Files:
A report with the above output and the results from each command run has been saved to the following log files:

------------------------------------------------ ccc v4.0 -
System Firewall Management (with Smart Event)
Type VMware Virtual Platform
OS Gaia R80.20 JHF (Take 33) @ 64-bit
CPU 8 Cores | Load 1.05%
RAM 32 GB (Free: 18 GB) | Swapping 0 GB
Core dumps Present | Crash dumps: -
Uptime 56 minutes
Interfaces vmxnet3

tail -n 20 /opt/CPsuite-R80.20/fw1/log/fwd.elg | more

CLogFormat::create failed - field already exists (dst_user_name) of type (string) !. format string: ("product" "string_id" "TCP packet out of state" "string_id" "tcp_flags" "strin
g_id" "src" "ipaddr" "s_port" "port" "dst" "ipaddr" "service" "port" "proto" "proto" "dst_user_name" "string" "dst_machine_name" "string" "__policy_id_tag" "string_id" "origin_sic_
name" "string_id" "dst_user_name" "string" "dst_machine_name" "string")

0 Kudos

I find workaround solution for this case is disable "Indentity Logging" functioning in Log Server and "Indentity Awareness " in Gateway.

But I think we need to have a better solution.

0 Kudos


Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    Tue 18 Mar 2025 @ 09:30 AM (EET)

    CheckMates Live Greece

    Tue 25 Mar 2025 @ 12:00 PM (MDT)

    Salt Lake City: CPX 2025 Recap

    Tue 08 Apr 2025 @ 12:00 PM (MDT)

    Denver: CPX 2025 Recap
    CheckMates Events