Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Hrvoje_Brlek
Collaborator
Jump to solution

Identity Collector - number of events

Hi,

I am setting up an Identity Collector in our CP environment. I have one question regarding the number of events. In the Identity Collector dashboard I can see the number of events being sent, and through the Gateway CLI we can see also the number of events, but these two numbers do not correlate with each other. Is this an expected behavior?

I'm sending the examples below.

Identity Collector:

Untitled2.png

Untitled1.png

Gateway CLI:

Izrezak.JPG

0 Kudos
1 Solution

Accepted Solutions
Royi_Priov
Employee
Employee

Hi @Hrvoje_Brlek 

have you enabled the monitoring feature on IDC side? (check "Monitoring capability" section under sk108235)

Thanks,
Royi Priov
Group manager, Identity Awareness R&D

View solution in original post

0 Kudos
13 Replies
PhoneBoy
Admin
Admin
0 Kudos
Royi_Priov
Employee
Employee

Hi @Hrvoje_Brlek,

I don't remember the calculation behind "pdp conn idc" event counter, but probably there is a logic to unify the events for same user&IP (while the UI for sure doesn't unify them).

To see the same output as the IDC UI, you can use "pdp idc status"  (R80.30 and above) or "cpstat identityServer -f idc"

Thanks,
Royi Priov
Group manager, Identity Awareness R&D
0 Kudos
Hrvoje_Brlek
Collaborator

Hi,

When I run those commands, this is the output I get:

ic-CP.jpg

The same output is on a Gateway running 80.40 JHF T83 and on 80.30 JHF T219.

Am I doing something wrong?

There is no connectivity issues between Identity Collector and the Gateways (both VSX), nor are there any firewalls on the way. Identity collector version is the latest one from CP, it has configured six DCs, with all of them generating events visible through IC dashboard.

0 Kudos
G_W_Albrecht
Legend
Legend

Why not have TAC resolve this ? Does not look healthy...

CCSE CCTE CCSM SMB Specialist
0 Kudos
Hrvoje_Brlek
Collaborator

Already have a few TAC cases open. Would really like not to have to open a TAC case for every minor change or implementation in a Check Point environment. 😐

But, if necessary will do so...

0 Kudos
Royi_Priov
Employee
Employee

Hi @Hrvoje_Brlek 

have you enabled the monitoring feature on IDC side? (check "Monitoring capability" section under sk108235)

Thanks,
Royi Priov
Group manager, Identity Awareness R&D
0 Kudos
Hrvoje_Brlek
Collaborator

Works like a charm, thank you very much 😊

Grateful that no TAC was necessary 😉

daniextremo
Explorer

Hi @Hrvoje_Brlek ,

 I have same problem in R80.30 take 255. Since I enabled IDC and removed Ad Query (wmi access denied since last patch for windows server), the "Source User Name" field is not displayed on the logs tab. As a result, some policies are not being matched.  In IDC side everything seems fine: 

Captura.JPG

# pdp idc status
Identity Collector IP: X.X.X.X
Identity Sources:
No information about identity sources

 

pdp conn idc

Number of IDCollector sessions: 1
------------------------------------------------------------------------------------------------------------
# IP Number of events Shared secret status Last Event
------------------------------------------------------------------------------------------------------------
1 x.x.x.x Valid No events received in the last hour

 

¿How to fix?

Regards

0 Kudos
Hrvoje_Brlek
Collaborator

Hi @daniextremo, this was a post from a few years ago, but as I recall I followed the section "Monitoring Capability" in sk108235 and it helped -> you need to add the Registry Key on the IDC server (Windows machine).

0 Kudos
daniextremo
Explorer

Thanks for reply @Hrvoje_Brlek . I could fix the problem. 

Regards!

0 Kudos
bcalderon
Explorer
Explorer

hello @daniextremo , How did you solve your problem, I have the same problem in a load sharing cluster R81.10

0 Kudos
bcalderon
Explorer
Explorer

hello @daniextremo , How did you solve the problem?, I have the same problem with a cluster

 

0 Kudos
daniextremo
Explorer

Hi @bcalderon ,

I don't remember exactly, but it's very likely that it was solved by adding the registry key that @Hrvoje_Brlek  mention.
I see that registry key exists in my server.

Identity Collector - Send Monitoring Information 

Regards

Captura de pantalla 2023-09-20 083939.png 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events