Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
chinchira
Explorer

VSX logs lag behind on SmartConsole

Hello CheckMates,

I have a VSX deployment with multiple VSes. Management server and log server are different. All running R80.40 JHF 118.

When searching for current logs on Smartconsole, there is one particular VS1 whose logs keeping lagging behind. The lag could be a few minutes to several hours depending on time of day, but most of the time it is hours. There is another VS2 which generates twice as much logs as VS1 but the logs are upto date on Smartconsole, zero lag. 

When logging services are restarted on log server(evstop;evstart), one is able to view current logs but the lag starts building up immediately. 

Am here to see if anyone has come across the same issue and what was the solution if any. Any pointers in the right direction is much appreciated.

Thanks,

0 Kudos
6 Replies
Timothy_Hall
Legend Legend
Legend

If you bring up the old-school SmartView Tracker while the VS1 logs are severely lagged, are the VS1 logs showing up in a timely fashion there but not in the SmartConsole?  If yes it is a log indexing issue.  If they are lagged in the SmartView Tracker as well it is probably a log transport issue between the VS1 gateway and the SMS on TCP/257.

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
0 Kudos
PhoneBoy
Admin
Admin

You should be able to open a specific log file even in SmartView as well (in the Hamburger menu).
The current log file is always fw.log.

0 Kudos
chinchira
Explorer

Yes, they are also lagged on SmartView. The connection on TCP/257 is okay, but I will try and see if there is any issue along the path between the two.

0 Kudos
PhoneBoy
Admin
Admin

This might be a good reason to upgrade your management to R81.10 as the log indexing performance and capacity has improved in that release.

0 Kudos
chinchira
Explorer

Thanks for the suggestion, but I think that will be our very last resort once we have run out of options. Am thinking there is some other underlying issue that needs to be identified first.

0 Kudos
SamiH
Contributor

We have had the same problem since upgrading to r80.40. Now it is take 139. When we boot the mgmt/logging server, it starts indexing logs with all the cpu there is. The delay is often 1 h or near that, it doesn't stop indexing altogether.

Haven't had time to do a ticket since we have had several tickets with Check Point during the last year about different matters and it always takes a lot of time to inspect and proof the matter and we do have other things to do also. 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events