This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
AngeloP
Participant
‎2022-05-19 08:00 AM

Failed getting the incident file from the gateway. It may be expired

Hi,

 

I noticed that in SmartConsole while analyzing logs from the IPS module that sometimes pcap's are not available for analysis, with the following error like in the attached image:

Failed getting the incident file from the gateway. It may be expired

 

i found the log file for the specific event and it is present on the gateway, the alert itself shows the pcap is present and has a unique id (actual filename on the gateway) but for some reason it can't pull it on smartconsole to display for analysis.

 

worth noting that only some alerts show the "failed getting the incident file from the gateway", other display their pcap's just fine but i didn't notice some specific pattern, as in the time of alert has no meaning and older alerts are able to display pcaps while some newer alerts can't. What could cause this?

 

 

 

 

 

 

 
Preview file
18 KB
Preview file
16 KB
4 Replies
ItsTheFirewall
Explorer
‎2024-06-06 12:34 PM

Any feedback on this. We are also seeing the same.

0 Kudos
the_rock
Legend
Legend
‎2024-06-06 12:37 PM
In response to ItsTheFirewall

Based on below, seems there is a hotfix for it you need to ask TAC for.

Andy

https://community.checkpoint.com/t5/Threat-Prevention/Cannot-open-packet-capture-files-in-ips-log/td...

0 Kudos
ItsTheFirewall
Explorer
‎2024-06-06 12:42 PM
In response to the_rock

Thank you  

0 Kudos
the_rock
Legend
Legend
‎2024-06-06 12:44 PM
In response to ItsTheFirewall

This was back in 2020, lots has changed since then : - ).

But, I would still inquire about it, you can even send them the link once you open the case, thats what I always do anyway, its a good reference.

Andy

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events