Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
G_W_Albrecht
Legend
Legend

Error when searching R80.20.30 Security Logs

Jump to solution

Customer pointed out an error with R80.20.30 (992002285) on 1800, 1530 and 1550 ! When searching Security Logs using the syntax as shown in Help: Source:192.168.1.1 an error will be displayed:

An internal error has occurred.
If the problem persists please contact Check Point Technical Assistance Center
 
Web Server Error
 
In system Logs, corresponding entry will show something like:
 
[System error] CODE_SYS_ERROR (000.000.000) - /usr/local/share/lua/5.1/sys/utils/queryParser.lua:0: attempt to index a nil value (Log reference: 1627936713)
 
This search has worked with all firmware versions up to now - what still does work is a search for 192.168.1.1 only, but entering text will produce this error. Case wth TAC is already open...
1 Solution

Accepted Solutions
G_W_Albrecht
Legend
Legend

Fixed firmware R80.20.30 (992002339) is available from TAC - i has resolved the issue on my 1550 😎.

I would suggest to wait for a GA firmware; otherwise open a SR# or Chat with TAC to receive a copy.

View solution in original post

19 Replies
dupacv
Participant

I have the exact same experience since update.

V.D.
0 Kudos
G_W_Albrecht
Legend
Legend

R&D is now involved, so i hope that a new firmware will come soon ! As this is the official syntax for the Security Logs, this should be fixed asap 😎

G_W_Albrecht
Legend
Legend

In 6-0002939266 R&D says SMBs don't support any keywords (i.e. Source/Destination/sport/dport) in locally managed webUI search logs. This can not be - @PhoneBoy, can you please point this out to some SMB specialists ?

G_W_Albrecht
Legend
Legend

R&D corrected the statement, it should be possible to use single keywords (i.e. Source/Destination/sport/dport) in locally managed webUI log search. 

dupacv
Participant

And is that corrected .img file version available? In R80.20.30 (992002285) I can see that if you use something like source/destination/port ... without parameter - it works, or if you use only IP address or number of port, all that works OK. But together like source:192.168.1.1 or port:443 - that's problem and it does that error in the first post.

V.D.
0 Kudos
G_W_Albrecht
Legend
Legend

As i wrote above, R&D is currently working on this issue that a query for Source:192.168.1.1 will show an error. This should be fixed in a new firmware version that is, of course, not available before they have found the relevant bug that has led to my post 😎

0 Kudos
skandshus
Contributor

I am seeing the exact same thing here…

when I do a search for example source:192.168.1.6

it errors out,  and it also output error in the system log the same time 

 

 

 

are you able to see the same? if you do a search in the security logs, then after it errors out go to system log. do you also have an error there right after?

0 Kudos
G_W_Albrecht
Legend
Legend

Yes, it is that issue 😎

0 Kudos
skandshus
Contributor

Guess we just have to wait in eternal patience 😞

 

do I need to create my own TAC case? Or are they usually quick to roll out fixes?(still new in the checkpoint world)

0 Kudos
G_W_Albrecht
Legend
Legend

R & D are currently testing a fix for this issue, stay tuned ! 😎

0 Kudos
skandshus
Contributor

Fingers crossed. Saw the issue again today when deleting a nat rule “web server error” 

So something is definitely wrong.. 

0 Kudos
G_W_Albrecht
Legend
Legend

You did not see "THE" issue anywhere. Deleting a NAT Rule has nothing to do with searching Security Logs - our web server error is a generic error (WebGUI talking to database and communication does not work), so you have to look into System Logs to differentiate the causes.

0 Kudos
G_W_Albrecht
Legend
Legend

Fixed firmware R80.20.30 (992002339) is available from TAC - i has resolved the issue on my 1550 😎.

I would suggest to wait for a GA firmware; otherwise open a SR# or Chat with TAC to receive a copy.

View solution in original post

skandshus
Contributor

Sharing is caring.. thank you I’ll create my own TAC..

0 Kudos
G_W_Albrecht
Legend
Legend

TAC wrote: the fix is now in the jumbo so I will issue an SK for it and support will be able to provide the jumbo to any customer who complains about it. It will of course also be included in the next GA but R80.20.30 GA was released not too long ago.

The sk175063 should be available in a few days, but you can just ask TAC for R80.20.30 (992002339) firmware...

0 Kudos
G_W_Albrecht
Legend
Legend

SK is ready as sk175063: System error while searching on Quantum Spark Appliance with simple syntax on version R80....

But beware - there is an issue with WebGUI singleIP network objects accepting only IP and name, but no MAC address when creating or editing them. R&D is already involved. Should still work from CLI, though...

G_W_Albrecht
Legend
Legend

Fixed firmware R80.20.30 (992002348) is currently tested...

skandshus
Contributor

Im seeing the logs working now.

But as you said earlier regarding creating objects.. could it be that it impacts the ability to Create DHCP reservation too. since that's a step involved/possible when creating single ip objects?

0 Kudos
G_W_Albrecht
Legend
Legend

You will always have CLI as a fallback ! The bug impacts the abillity to define a fixed object IP per MAC address in WebGUI (and adds a new object "device" - not mobile device - that only has a name and MAC...).

0 Kudos