Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Francisco_Sachi
Participant

Restore Audit Logs

Hi Guys, for auditting reasons, we need to restore audit logs from earlier months, i´ve put the log files on the same diretory, but i cant see through the smart view (R80.40) Any ideas to restore quickly ? Thanks A lot.

0 Kudos
6 Replies
the_rock
Legend
Legend

I just checked on my R81.10 and I can see them since very first day. How far back are you searching?

0 Kudos
Francisco_Sachi
Participant

Im searching logs from 4 months ago. I can see the logs around 1 1/2 month ago (November 12th) but i can see the audit logs via SmartViewTracker (old).  For auditting reasons we need to show the logs from September 1st.

the_rock
Legend
Legend

I find the same...looks like all is visible via old sv tracker. Not 100% sure if its strictly indexing issue.

Andy

0 Kudos
mcatanzaro
Employee
Employee

Hi,

You need to re-index the log files.

Admin guide goes over this process: 

https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_LoggingAndMonitoring_AdminGuide/To...

0 Kudos
the_rock
Legend
Legend

I have a question for you since you sent that process...I had a customer upgrade regular mgmt server (NOT smart event) from R80.10 -> R80.40 -> R81. They are very happy with it, all works great, BUT, one minor issue...when they open "logs and settings" in dashboard, we cant see any raw log files at all, but we do see them from old sv tracker. I also see same behavior in my R81.10 mgmt lab, though I never upgraded, had it since September of 2021. Anyway, we opened TAC case almost 3 weeks ago, were given some steps to follow, did cpstop/start, evstop/start, rebooted, no change at all.

Any reason why this would happen? Is it expected?

We also followed similar process to one you gave, waited 24 hours, no luck.

0 Kudos
Francisco_Sachi
Participant

In our case, we´ve upgrading from R77.30 --> R80.10 -> R80.40.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events