This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
nmelay2
Collaborator
Thursday
Jump to solution

SMP logging issues

Many of the gateways I manage on SMP are missing their logs at the moment.
Logs show up locally, just not on SMP.
The issue started occurring 4 days ago on 4 gateways, and seems to be spreading.
Now 2/3 of them only show logs up until a few days ago.
Also, the same issue can be seen in different account IDs.
I'd be curious to know if any of you are also affected.

Case was raised with TAC, but got nowhere so far as we initially thought that was a 1 gateway issue, and focused on local debugging.
We'll see where this goes tomorrow.

0 Kudos
1 Solution

Accepted Solutions
yahavb
Employee
Employee
yesterday
Jump to solution

Hi, thanks for reporting this issue.

We’ve identified that the problem was caused by a server-side issue in our EU region, where approximately 30% of gateways experienced failures when attempting to store logs in the cloud.

The issue has now been fully resolved.
We are also implementing additional monitoring and alerting to ensure this type of incident is detected immediately and does not recur.

We are currently working on recovering any missing log data.

We sincerely apologize for the inconvenience, and we appreciate your patience.

View solution in original post

17 Replies
the_rock
MVP Platinum
MVP Platinum
Thursday
Jump to solution

Centrally managed?

Best,
Andy
0 Kudos
nmelay2
Collaborator
Thursday
In response to the_rock
Jump to solution

Nope, SMP.

0 Kudos
the_rock
MVP Platinum
MVP Platinum
Thursday
In response to nmelay2
Jump to solution

So thats cloud portal, meaning it would be centrally managed...no?

Best,
Andy
0 Kudos
nmelay2
Collaborator
Thursday
In response to the_rock
Jump to solution

Well, in SMB parlance, "centrally managed" means managed by SMS, not SMP.

Confusing I know...

0 Kudos
the_rock
MVP Platinum
MVP Platinum
Thursday
In response to nmelay2
Jump to solution

Even in my 40s, some days, I feel I can only remember LOL meaning 🤣🤣

Anywho, what I would try is restart the cloud instance, since its multiple gateways having the same issue.

Best,
Andy
0 Kudos
the_rock
MVP Platinum
MVP Platinum
Thursday
In response to nmelay2
Jump to solution

Here is what I was referring to as far as restarting cloud instance.

 
 

Screenshot_1.png

Best,
Andy
0 Kudos
nmelay2
Collaborator
Thursday
In response to the_rock
Jump to solution

Yeah but that's not SMP, that's S1C (centrally managed by the way). 😂

That's SMP : https://portal.checkpoint.com/dashboard/sparkmanagement

the_rock
MVP Platinum
MVP Platinum
Thursday
In response to nmelay2
Jump to solution

Ah, yes, right 😂

Well, for that, you may have to open TAC case and ask them to restart it. Btw, I just created trial instance for it, how do you even install policy there? Looks way different than regular S1C 🙂

Best,
Andy
0 Kudos
Tom_Hinoue
Advisor
Advisor
Thursday
In response to the_rock
Jump to solution

@nmelay2 
We have similar case in SMP since a few days ago and have a case raised to TAC.
I think its issue with log ingestion in SMP log server side and not the gateway.

the_rock
MVP Platinum
MVP Platinum
Thursday
In response to Tom_Hinoue
Jump to solution

Good to know, Tom. It also sounds to me like this would be an issue on management side, for sure. Let us know what TAC says.

Best,
Andy
0 Kudos
nmelay2
Collaborator
Friday
In response to Tom_Hinoue
Jump to solution

Thanks @Tom_Hinoue for the confirmation.

Indeed seeing how widespread it is, that's probably a SMP server issue, though we can't really rule out a problem with the data being sent out by the gateways.

Please keep me posted on your TAC case status, and I'll do the same.
My own case number is 6-0004447395.

the_rock
MVP Platinum
MVP Platinum
Friday
In response to nmelay2
Jump to solution

@nmelay2 Just curious though, might be worth asking TAC if they can restart that instance. I remember S1C days when customers could not do so up until 2-3 years ago.

Best,
Andy
0 Kudos
nmelay2
Collaborator
Friday
In response to the_rock
Jump to solution

Oh well. The Check Point SMP admin team doesn't need me to tell them how to manage their service.
And again, this is not S1C, totally different service, no per-customer instance.

0 Kudos
the_rock
MVP Platinum
MVP Platinum
Friday
In response to nmelay2
Jump to solution

Fair enough 🙂

Best,
Andy
0 Kudos
yahavb
Employee
Employee
yesterday
Jump to solution

Hi, thanks for reporting this issue.

We’ve identified that the problem was caused by a server-side issue in our EU region, where approximately 30% of gateways experienced failures when attempting to store logs in the cloud.

The issue has now been fully resolved.
We are also implementing additional monitoring and alerting to ensure this type of incident is detected immediately and does not recur.

We are currently working on recovering any missing log data.

We sincerely apologize for the inconvenience, and we appreciate your patience.

the_rock
MVP Platinum
MVP Platinum
yesterday
In response to yahavb
Jump to solution

Thanks for the update @yahavb 

Best,
Andy
0 Kudos
nmelay2
Collaborator
9 hours ago
In response to yahavb
Jump to solution

Hello Yahav,

I confirm we can see new logs coming in since yesterday morning.
It seems like we were more severely impacted than others
In our case, missing old logs is probably not going to be an issue, but it's still good to know you're working at recovering them.

Thanks to you and the team.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events