Error when searching R80.20.30 Security Logs
Customer pointed out an error with R80.20.30 (992002285) on 1800, 1530 and 1550! When searching Security Logs using the syntax as shown in Help: Source:192.168.1.1 an error will be displayed:
I have the exact same experience since update.
R&D is now involved, so I hope that a new firmware will come soon! As this is the official syntax for the Security Logs, this should be fixed ASAP 8)
In 6-0002939266 R&D says SMBs don't support any keywords (i.e. Source/Destination/sport/dport) in locally managed webUI search logs. This cannot be - @PhoneBoy, can you please point this out to some SMB specialists?
R&D corrected the statement, it should be possible to use single keywords (i.e. Source/Destination/sport/dport) in locally managed webUI log search.
And is that corrected .img file version available? In R80.20.30 (992002285) I can see that if you use something like source/destination/port ... without a parameter, it works, or if you use only an IP address or a port number, all that works OK. But together, like source:192.168.1.1 or port:443 - that's a problem and it gives that error from the first post.
As I wrote above, R&D is currently working on this issue that a query for Source:192.168.1.1 will show an error. This should be fixed in a new firmware version that is, of course, not available before they have found the relevant bug that has led to my post 8)
I am seeing the exact same thing here… When I do a search, for example source:192.168.1.6, it errors out, and it also outputs an error in the system log at the same time.
Are you able to see the same? If you do a search in the security logs, then after it errors out go to the system log. Do you also have an error there right after?
Yes, it is that issue 8)
Guess we just have to wait in eternal patience 😞
Do I need to create my own TAC case? Or are they usually quick to roll out fixes? (Still new in the Check Point world.)
R&D are currently testing a fix for this issue, stay tuned! 8)
Fingers crossed. Saw the issue again today when deleting a NAT rule: “web server error”.
So something is definitely wrong..
You did not see "THE" issue anywhere. Deleting a NAT Rule has nothing to do with searching Security Logs - our web server error is a generic error (WebGUI talking to database and communication does not work), so you have to look into System Logs to differentiate the causes.
Fixed firmware R80.20.30 (992002339) is available from TAC - it has resolved the issue on my 1550 8).
I would suggest waiting for a GA firmware; otherwise open an SR# or chat with TAC to receive a copy.
Sharing is caring.. thank you I’ll create my own TAC..
TAC wrote: the fix is now in the jumbo so I will issue an SK for it and support will be able to provide the jumbo to any customer who complains about it. It will of course also be included in the next GA but R80.20.30 GA was released not too long ago.
The sk175063 should be available in a few days, but you can just ask TAC for R80.20.30 (992002339) firmware...
SK is ready as sk175063: System error while searching on Quantum Spark Appliance with simple syntax on version R80....
But beware - there is an issue with WebGUI singleIP network objects accepting only IP and name, but no MAC address when creating or editing them. R&D is already involved. Should still work from CLI, though...
Fixed firmware R80.20.30 (992002348) is currently being tested...
I'm seeing the logs working now.
But as you said earlier regarding creating objects.. could it be that it impacts the ability to create DHCP reservations too, since that's a step involved/possible when creating single IP objects?
You will always have CLI as a fallback! The bug impacts the ability to define a fixed object IP per MAC address in WebGUI (and adds a new object "device" - not mobile device - that only has a name and MAC...).
