This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Hrvoje_Brlek
Collaborator
‎2020-10-29 02:17 PM
Jump to solution

Identity Collector - number of events

Hi,

I am setting up an Identity Collector in our CP environment. I have one question regarding the number of events. In the Identity Collector dashboard I can see the number of events being sent, and through the Gateway CLI we can see also the number of events, but these two numbers do not correlate with each other. Is this an expected behavior?

I'm sending the examples below.

Identity Collector:

Untitled2.png

Untitled1.png

Gateway CLI:

Izrezak.JPG

0 Kudos
1 Solution

Accepted Solutions
Royi_Priov
Employee
Employee
‎2020-11-03 01:07 AM
In response to Hrvoje_Brlek
Jump to solution

Hi @Hrvoje_Brlek 

have you enabled the monitoring feature on IDC side? (check "Monitoring capability" section under sk108235)

Thanks,
Royi Priov
R&D Group manager, Infinity Identity

View solution in original post

0 Kudos
13 Replies
PhoneBoy
Admin
Admin
‎2020-10-31 11:26 PM
Jump to solution

@Royi_Priov ?

0 Kudos
Royi_Priov
Employee
Employee
‎2020-11-01 01:02 AM
Jump to solution

Hi @Hrvoje_Brlek,

I don't remember the calculation behind "pdp conn idc" event counter, but probably there is a logic to unify the events for same user&IP (while the UI for sure doesn't unify them).

To see the same output as the IDC UI, you can use "pdp idc status"  (R80.30 and above) or "cpstat identityServer -f idc"

Thanks,
Royi Priov
R&D Group manager, Infinity Identity
0 Kudos
Hrvoje_Brlek
Collaborator
‎2020-11-02 02:23 AM
In response to Royi_Priov
Jump to solution

Hi,

When I run those commands, this is the output I get:

ic-CP.jpg

The same output is on a Gateway running 80.40 JHF T83 and on 80.30 JHF T219.

Am I doing something wrong?

There is no connectivity issues between Identity Collector and the Gateways (both VSX), nor are there any firewalls on the way. Identity collector version is the latest one from CP, it has configured six DCs, with all of them generating events visible through IC dashboard.

0 Kudos
G_W_Albrecht
MVP Silver
MVP Silver
‎2020-11-02 03:37 AM
In response to Hrvoje_Brlek
Jump to solution

Why not have TAC resolve this ? Does not look healthy...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Hrvoje_Brlek
Collaborator
‎2020-11-02 12:16 PM
In response to G_W_Albrecht
Jump to solution

Already have a few TAC cases open. Would really like not to have to open a TAC case for every minor change or implementation in a Check Point environment. 😐

But, if necessary will do so...

0 Kudos
Royi_Priov
Employee
Employee
‎2020-11-03 01:07 AM
In response to Hrvoje_Brlek
Jump to solution

Hi @Hrvoje_Brlek 

have you enabled the monitoring feature on IDC side? (check "Monitoring capability" section under sk108235)

Thanks,
Royi Priov
R&D Group manager, Infinity Identity
0 Kudos
Hrvoje_Brlek
Collaborator
‎2020-11-03 03:12 PM
In response to Royi_Priov
Jump to solution

Works like a charm, thank you very much 😊

Grateful that no TAC was necessary 😉

daniextremo
Explorer
‎2023-02-23 11:45 PM
In response to Hrvoje_Brlek
Jump to solution

Hi @Hrvoje_Brlek ,

 I have same problem in R80.30 take 255. Since I enabled IDC and removed Ad Query (wmi access denied since last patch for windows server), the "Source User Name" field is not displayed on the logs tab. As a result, some policies are not being matched.  In IDC side everything seems fine: 

Captura.JPG

# pdp idc status
Identity Collector IP: X.X.X.X
Identity Sources:
No information about identity sources

 

pdp conn idc

Number of IDCollector sessions: 1
------------------------------------------------------------------------------------------------------------
# IP Number of events Shared secret status Last Event
------------------------------------------------------------------------------------------------------------
1 x.x.x.x Valid No events received in the last hour

 

¿How to fix?

Regards

0 Kudos
Hrvoje_Brlek
Collaborator
‎2023-02-24 05:12 AM
In response to daniextremo
Jump to solution

Hi @daniextremo, this was a post from a few years ago, but as I recall I followed the section "Monitoring Capability" in sk108235 and it helped -> you need to add the Registry Key on the IDC server (Windows machine).

0 Kudos
daniextremo
Explorer
‎2023-02-24 05:32 AM
In response to Hrvoje_Brlek
Jump to solution

Thanks for reply @Hrvoje_Brlek . I could fix the problem. 

Regards!

0 Kudos
bcalderon
Explorer
Explorer
‎2023-09-19 02:12 PM
In response to daniextremo
Jump to solution

hello @daniextremo , How did you solve your problem, I have the same problem in a load sharing cluster R81.10

0 Kudos
bcalderon
Explorer
Explorer
‎2023-09-19 02:47 PM
In response to daniextremo
Jump to solution

hello @daniextremo , How did you solve the problem?, I have the same problem with a cluster

 

0 Kudos
daniextremo
Explorer
‎2023-09-19 11:42 PM
In response to bcalderon
Jump to solution

Hi @bcalderon ,

I don't remember exactly, but it's very likely that it was solved by adding the registry key that @Hrvoje_Brlek  mention.
I see that registry key exists in my server.

Identity Collector - Send Monitoring Information 

Regards

Captura de pantalla 2023-09-20 083939.png 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events