Hi,

R80.30 environment. SG cluster is not sending logs to SMS. 

Steps that I have done in troubleshooting:

1. Installed database in SmartConsole.
2. Installed policy several times.
3. Changed the SG to log locally, installed policy and then reverted to sending logs again to SMS in SmartConsole.
4. Rebooted the cluster that don’t send logs to the SMS
5. Disk space is checked on SMS and is fine.
6. Checked that security gateway is configured to send logs to SMS in SmartConsole.
7. SIC communication is fine and communicating.
8. Ping from SMS to SG works fine. The other way too.
9. Checked that the SMS is listening on port 257. No connection from the cluster SG seen there.
10. Checked if any logs are coming from the SG to the SMS on port 257 with tcpdump on the interface. No logs there.
11. The active firewall log file fw.log is growing on the SG. Checked with the command watch -d -n 2 "ls -l $FWDIR/log/fw.log"
12. Checked the masters file on the SG and it is set to log to the SMS

So are there anymore suggestions in troubleshooting this issue? Could it be that the last step (that I didn't do), the active firewall log file fw.log might be corrupted on the SG?