cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post
Highlighted
Ankur_Datta
Nickel

cannot view logs on CMA

We have a MDS deployment. we are not able to view logs on CMA. Through CLM we can see logs. but Customer want to use CMA to manage security policies and view logs. 

In Gateway object we have selected to send logs to CLM not to CMA. 

 

We have another environment where we can see logs on CMA. On gateway object for logging CLM is defined.  

 

I checked further, on CMA when i open logs and monitor tab and open log file. i can see 2 fw.log file with one file has log server as CLM and other as CMA.

if I click on open log file it shows audit logs only and fw.log of CMA is fetched.

 

Kindly guide if i am missing any option so we can see logs on CMA that is stored on CLM.

 

Thanks

6 Replies
Ankur_Datta
Nickel

Re: cannot view logs on CMA

Hi All,

 

I checked and found log indexing was not enabled on CLM. After enabling it we can view logs on CMA as well. 

 

But as i enabled log indexing on CLM. CPU utilization goes to 98% when i see on smart console. when i run top command i can see most of CPU utilization is falling under ni. I am attaching the screenshot of top command. 

appliance details - Smart 1 - 50

verison R80.10

Take installed - 103

RAM - 24GB

 

will CPU utilization will be normal after sometime. or if not what we can do to resolve this?

 

Thanks

0 Kudos
Admin
Admin

Re: cannot view logs on CMA

That’s normal while logs are indexing. Note that the indexing process is deprioritized so if other needs demand CPU, it will back off.

Re: cannot view logs on CMA

I faced a situation that smartlog_server processes on MDS were on about 100% because of indexing. It took around 3 days to complete full indexing.

Kind regards,
Jozko Mrkvicka
0 Kudos
Ankur_Datta
Nickel

Re: cannot view logs on CMA

Thanks PhoneBoy and Jozko.

I can see CPU is still utilized around 85% but not like it was on Wednesday. The CPU goes 75-76% as well.

 

But i noticed SWAP memory is being used.

total used free shared buffers cached
Mem: 23973 20729 3244 0 157 10289
-/+ buffers/cache: 10282 13690
Swap: 25611 4523 21087

 

On Wednesday it was around 400 mb but it reached to 4Gig now. This should not be happened. I can see 13gig real memory is still available. Please advise.

 

Admin
Admin

Re: cannot view logs on CMA

I would engage the TAC.
0 Kudos
Ankur_Datta
Nickel

Re: cannot view logs on CMA

I will raise a TAC then.

 

Thanks for suggestions PhoneBoy.