We have been working with CheckPoint on slowness with our MDS server. Check Point stated that we need to purchase a MLM (two of them) and off load our logging. So I just installed a brand new MLM 4 weeks ago on R80.20 and synced it to our MDS. I then built about 20+ CLM's and everything seemed to work as expected. As i was setting up new CLM's and changing the log config for each cluster to point to the CLM, we started running into issues. The logs would not appear in the log view of the console. Some CLM's worked and others did not. I was able to verify that the the logs were on the CLM from the gateways. I configured the log exporter and they were being exported to Splunk from the CLM. Also you could see the fw.log file growing on the CLM. However nothing would show in the console. I continued to build new CLM's, and three may work fine then the fourth one I built would do the same thing where the logs could not be seen. I have 54 CLM's built and about 8 that will not work. I have tried deleting them and recreating them. We got two to work by just changing the color of the CLM object, publish, and then do an "install database" again. This seemed to have synced something. Sometimes ones that were working will just stop. Then we have to change the object color again and install database again to get the logs back.
So with all of that said...I have been on the phone with TAC/CFG and now R&D to get this to work. And still no luck. It seems to be some type of sync issue between the MDS and MLM. And we have ran the "clean dbsync" script several times with TAC. This has been going on for a month. Has anyone else ran into this issue? Or are having issues with the MLM?
Any help is appreciated.
Regards,