This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Nigel_Dennison1
Participant
‎2017-12-14 11:19 AM

R80 Solr Log indexing

Hi all I have a pretty generic question about the SOLR log indexing. I want to know if the indexing is shared between multiple log servers. I especially want to know what happens when you separate the logs server from the main policy manager, for instance if you deploy a separate log server running smart event and direct all gateways to log to that dedicated log server. Is there any communication between the SOLR indexing on the managers if not how do you view logs from the dashboard when logged in to the policy manager is this function not available if the logs are directed to a different manager? If there is connectivity between the Managers how is this achieved (sic I would assume) as it is entirely possible to have the managers geographically separated?

I appreciate that in R7X it was a case you had to open separate consoles to different managers but in R80 it has, you know kind of been sold as this all singing all dancing one stop shop. Just curious how this functionality works. 

Regards

Nigel

0 Kudos
3 Replies
Alejandro_Mont1
Collaborator
‎2017-12-14 12:02 PM

One of the big features in R80 was the unified console, you have the ability to log into the policy manager, click on the Logs pane and see logs from all connected log servers. If preferable you can also choose to only see logs for certain log servers. All communication is done through SIC, if one of the log servers is not communicating you will see an error in the Logs pane.

I have personally seen a setup where we tried to stand up a log server in a different location than the management server, but had severe issues caused by NATing. I am not sure if that is officially supported or not.

0 Kudos
Nigel_Dennison1
Participant
‎2017-12-14 12:39 PM
In response to Alejandro_Mont1

That will actually be very interesting. I can think of at least two or three customers currently on R7X that have the distributed deployment of Log servers. I wonder if CP can give us a better explanation of how the Solr communicates so that NAT issues like the one you mention can be investigated and resolved. 

0 Kudos
Kaspars_Zibarts
Employee Employee
Employee
‎2017-12-16 11:37 AM

I can't answer if the "indexing is shared" but it will search all log servers. We have environment of primary and secondary MDS where secondary MDS also acts as a backup for logs that normally go to MLM. So whenever MLM is offline say for an upgrade, log search will happily present results from the secondary MDS instead without any special interaction.

I hope it answers your question Smiley Happy

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    Top