Var/log/messages SPAM - cmik_loader_fw_context_match_cb: match_cb for CMI APP 31
Dear All,
Since the upgrade to take 76, we've noticed that our messages get SPAMed by "kernel Error" (logs are below). Does someone know what is causing these error messages?
Appliance 23800
KR
Rok
Sep 7 10:31:21 2024 fwgw-wbg-01 kernel:[fw4_0];[172.16.10.223:25999 -> 13.107.206.39:53] [ERROR]: cmik_loader_fw_context_match_cb: match_cb for CMI APP 31 - DNS_DATA_SOURCE failed on context 201, executing context 366 and adding the app to apps in exception
Sep 7 10:31:21 2024 fwgw-wbg-01 kernel:[fw4_0];[172.16.10.223:25032 -> 205.251.196.141:53] [ERROR]: cmik_loader_fw_context_match_cb: match_cb for CMI APP 31 - DNS_DATA_SOURCE failed on context 201, executing context 366 and adding the app to apps in exception
Sep 7 10:31:21 2024 fwgw-wbg-01 kernel:[fw4_0];[172.16.10.222:20890 -> 205.251.196.141:53] [ERROR]: cmik_loader_fw_context_match_cb: match_cb for CMI APP 31 - DNS_DATA_SOURCE failed on context 201, executing context 366 and adding the app to apps in exception
Sep 7 10:31:21 2024 fwgw-wbg-01 kernel:[fw4_0];[172.16.10.223:51691 -> 150.171.16.37:53] [ERROR]: cmik_loader_fw_context_match_cb: match_cb for CMI APP 31 - DNS_DATA_SOURCE failed on context 201, executing context 366 and adding the app to apps in exception
Sep 7 10:31:21 2024 fwgw-wbg-01 kernel:[fw4_0];[172.16.10.223:44074 -> 2.23.154.132:53] [ERROR]: cmik_loader_fw_context_match_cb: match_cb for CMI APP 31 - DNS_DATA_SOURCE failed on context 201, executing context 366 and adding the app to apps in exception
Sep 7 10:31:21 2024 fwgw-wbg-01 kernel:[fw4_0];[172.16.10.223:35573 -> 13.107.206.39:53] [ERROR]: cmik_loader_fw_context_match_cb: match_cb for CMI APP 31 - DNS_DATA_SOURCE failed on context 201, executing context 366 and adding the app to apps in exception
Sep 7 10:31:21 2024 fwgw-wbg-01 kernel:[fw4_0];[172.16.10.223:62790 -> 66.163.53.1:53] [ERROR]: cmik_loader_fw_context_match_cb: match_cb for CMI APP 31 - DNS_DATA_SOURCE failed on context 201, executing context 366 and adding the app to apps in exception
Sep 7 10:31:21 2024 fwgw-wbg-01 kernel:[fw4_0];[172.16.10.223:63925 -> 150.171.10.201:53] [ERROR]: cmik_loader_fw_context_match_cb: match_cb for CMI APP 31 - DNS_DATA_SOURCE failed on context 201, executing context 366 and adding the app to apps in exception
Sep 7 10:31:21 2024 fwgw-wbg-01 kernel:[fw4_0];[172.16.10.222:56365 -> 150.171.10.201:53] [ERROR]: cmik_loader_fw_context_match_cb: match_cb for CMI APP 31 - DNS_DATA_SOURCE failed on context 201, executing context 366 and adding the app to apps in exception
Sep 7 10:31:21 2024 fwgw-wbg-01 kernel:[fw4_0];[172.16.10.223:56797 -> 205.251.194.187:53] [ERROR]: cmik_loader_fw_context_match_cb: match_cb for CMI APP 31 - DNS_DATA_SOURCE failed on context 201, executing context 366 and adding the app to apps in exception
Sep 7 10:31:21 2024 fwgw-wbg-01 kernel:[fw4_0];[172.16.10.222:45689 -> 170.72.18.2:53] [ERROR]: cmik_loader_fw_context_match_cb: match_cb for CMI APP 31 - DNS_DATA_SOURCE failed on context 201, executing context 366 and adding the app to apps in exception
Sep 7 10:31:21 2024 fwgw-wbg-01 kernel:
Sep 7 10:31:21 2024 fwgw-wbg-01 kernel:FW-1: stopping debug messages for the next 39 seconds. To disable this suppression see sk74580
Sep 7 10:31:21 2024 fwgw-wbg-01 kernel:[fw4_36];[172.16.10.222:58264 -> 204.14.183.5:53] [ERROR]: cmik_loader_fw_context_match_cb: match_cb for CMI APP 31 - DNS_DATA_SOURCE failed on context 201, executing context 366 and adding the app to apps in exception
Sep 7 10:31:21 2024 fwgw-wbg-01 kernel:
Sep 7 10:31:21 2024 fwgw-wbg-01 kernel:FW-1: stopping debug messages for the next 39 seconds. To disable this suppression see sk74580
Sep 7 10:31:21 2024 fwgw-wbg-01 kernel:[fw4_31];[172.16.10.223:32702 -> 208.84.5.222:53] [ERROR]: cmik_loader_fw_context_match_cb: match_cb for CMI APP 31 - DNS_DATA_SOURCE failed on context 201, executing context 366 and adding the app to apps in exception
Sep 7 10:31:21 2024 fwgw-wbg-01 kernel:[fw4_31];[172.16.10.222:38189 -> 199.180.182.53:53] [ERROR]: cmik_loader_fw_context_match_cb: match_cb for CMI APP 31 - DNS_DATA_SOURCE failed on context 201, executing context 366 and adding the app to apps in exception
Sep 7 10:31:21 2024 fwgw-wbg-01 kernel:
Sep 7 10:31:21 2024 fwgw-wbg-01 kernel:FW-1: stopping debug messages for the next 39 seconds. To disable this suppression see sk74580
Sep 7 10:31:21 2024 fwgw-wbg-01 AutoUpdater[25735]: Error occurred running the application.
Sep 7 10:31:21 2024 fwgw-wbg-01 kernel:[fw4_23];[172.16.10.222:60344 -> 199.180.182.53:53] [ERROR]: cmik_loader_fw_context_match_cb: match_cb for CMI APP 31 - DNS_DATA_SOURCE failed on context 201, executing context 366 and adding the app to apps in exception
Sep 7 10:31:22 2024 fwgw-wbg-01 kernel:[fw4_23];[172.16.10.223:50733 -> 13.107.236.201:53] [ERROR]: cmik_loader_fw_context_match_cb: match_cb for CMI APP 31 - DNS_DATA_SOURCE failed on context 201, executing context 366 and adding the app to apps in exception
Sep 7 10:31:23 2024 fwgw-wbg-01 kernel:[fw4_23];[172.16.10.222:45935 -> 81.169.144.234:53] [ERROR]: cmik_loader_fw_context_match_cb: match_cb for CMI APP 31 - DNS_DATA_SOURCE failed on context 201, executing context 366 and adding the app to apps in exception
Sep 7 10:31:23 2024 fwgw-wbg-01 kernel:[fw4_23];[172.16.10.222:19411 -> 150.171.10.32:53] [ERROR]: cmik_loader_fw_context_match_cb: match_cb for CMI APP 31 - DNS_DATA_SOURCE failed on context 201, executing context 366 and adding the app to apps in exception
Sep 7 10:31:23 2024 fwgw-wbg-01 kernel:[fw4_23];[172.16.10.223:28740 -> 140.205.122.243:53] [ERROR]: cmik_loader_fw_context_match_cb: match_cb for CMI APP 31 - DNS_DATA_SOURCE failed on context 201, executing context 366 and adding the app to apps in exception
Sep 7 10:31:23 2024 fwgw-wbg-01 kernel:[fw4_23];[172.16.10.223:65035 -> 108.162.192.122:53] [ERROR]: cmik_loader_fw_context_match_cb: match_cb for CMI APP 31 - DNS_DATA_SOURCE failed on context 201, executing context 366 and adding the app to apps in exception
Sep 7 10:31:23 2024 fwgw-wbg-01 kernel:
Sep 7 10:31:23 2024 fwgw-wbg-01 kernel:FW-1: stopping debug messages for the next 37 seconds. To disable this suppression see sk74580
Sep 7 10:31:26 2024 fwgw-wbg-01 AutoUpdater[26181]: Error occurred running the application.
Sep 7 10:31:31 2024 fwgw-wbg-01 AutoUpdater[26295]: Error occurred running the application.
Sep 7 10:31:36 2024 fwgw-wbg-01 AutoUpdater[26675]: Error occurred running the application.
Sep 7 10:31:42 2024 fwgw-wbg-01 AutoUpdater[26709]: Error occurred running the application.
Sep 7 10:31:47 2024 fwgw-wbg-01 AutoUpdater[26732]: Error occurred running the application.
Accepted Solutions
Hi @Mlinko
Did you read this SK? https://support.checkpoint.com/results/sk/sk182606
Symptoms
- The $FWDIR/log/fwk.elg or /var/log/messages file on the Security Gateway / Cluster Member contains this line repeatedly:
cmik_loader_fw_context_match_cb: match_cb for CMI APP 31 - DNS_DATA_SOURCE failed on context 201, executing context 366 and adding the app to apps in exception
- Traffic outages through a Security Gateway / Cluster / VSX Virtual System, and core dumps are created.
Cause
A missing attribute in the DNS server response causes a data failure.
Solution
Contact Check Point Support to get a Hotfix for this issue.
The fix resolves this issue by ensuring that the Security Gateway does not fail when the specified attribute is invalid.
A Support Engineer will make sure the Hotfix is compatible with your environment before providing it.
For faster resolution and verification, collect these files:
- CPinfo file from the Management Server involved in the case.
- CPinfo file from the Security Gateway / each Cluster Member involved in the case.
Hotfix installation instructions:
Refer to sk168597 - How to install a Hotfix.
\m/_(>_<)_\m/
Hi @AkosBakos,
I was searching for the SK but I couldn't find one, thank you for your reply! I'll have a look at it!
KR
Rok
The PRJ-56360 is included in R81.20 JT 90 Released on 12 November 2024 https://sc1.checkpoint.com/documents/Jumbo_HFA/R81.20/R81.20/Take_90.htm?Highlight=PRJ-56360
The SK article says that the cause is a missing attribute in the DNS server response.
Is there any detail as to what could be missing? We have around 20 gateways all using the same policy, all pointing to the same series of DNS servers, but only one is showing this error.
I am also getting the same error on a gateway which is running R81.20 version take 76 hotfix.
The fix for this does not appear to be available as part of a JHF yet.
You will need to request the specific hotfix from TAC.
I applied the JHF76 hotfix yesterday and I'm still getting these errors, but not nearly as many. TAC is looking at it.
[Mon Sep 16 05:58:19 2024] [fw4_4];[someIP:56780 -> someEXTip:53] [ERROR]: cmik_loader_fw_context_match_cb: match_cb for CMI APP 10 - RESOURCE_REPUTATION failed on context 201, executing context 366 and adding the app to apps in exception
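
To see which CMI app, DNS server, client and firewall instance are behind the messages quoted in this thread, the lines can be tallied. The sketch below is an added example, not part of any post and not Check Point tooling; its sample lines are constructed (documentation addresses, hypothetical host name gw-example).

```python
import re
from collections import Counter

# Kernel line as quoted in the thread. The timestamp/host prefix is not matched,
# so both /var/log/messages lines and dmesg-style lines parse.
MATCH_CB = re.compile(
    r"\[(?P<inst>fw\d+_\d+)\];\[(?P<src>\S+):\d+ -> (?P<dst>\S+):\d+\] "
    r"\[ERROR\]: cmik_loader_fw_context_match_cb: match_cb for CMI APP "
    r"(?P<app_id>\d+) - (?P<app>\w+) failed on context (?P<ctx>\d+)"
)
# Rate-limit notice that appears between the errors in the original post.
SUPPRESS = re.compile(r"FW-1: stopping debug messages for the next \d+ seconds")

# Constructed sample lines: documentation addresses, hypothetical host gw-example.
ERR = "[ERROR]: cmik_loader_fw_context_match_cb: match_cb for CMI APP"
END = "failed on context 201, executing context 366 and adding the app to apps in exception"
SAMPLE = [
    f"Sep 7 10:31:21 2024 gw-example kernel:[fw4_0];[192.0.2.10:25999 -> 198.51.100.53:53] {ERR} 31 - DNS_DATA_SOURCE {END}",
    f"Sep 7 10:31:21 2024 gw-example kernel:[fw4_0];[192.0.2.11:20890 -> 198.51.100.53:53] {ERR} 31 - DNS_DATA_SOURCE {END}",
    f"Sep 7 10:31:21 2024 gw-example kernel:[fw4_36];[192.0.2.10:51691 -> 203.0.113.7:53] {ERR} 31 - DNS_DATA_SOURCE {END}",
    "Sep 7 10:31:21 2024 gw-example kernel:FW-1: stopping debug messages for the next 39 seconds. To disable this suppression see sk74580",
    "Sep 7 10:31:21 2024 gw-example AutoUpdater[25735]: Error occurred running the application.",
    f"[Mon Sep 16 05:58:19 2024] [fw4_4];[192.0.2.10:56780 -> 203.0.113.7:53] {ERR} 10 - RESOURCE_REPUTATION {END}",
]

def summarize(lines):
    """Count match_cb failures per app, resolver, client and fw instance."""
    stats = {k: Counter() for k in ("app", "resolver", "client", "instance")}
    notices = 0  # suppression notices seen; errors are dropped while one is active
    for line in lines:
        m = MATCH_CB.search(line)
        if m:
            stats["app"][f'{m["app_id"]}/{m["app"]}/ctx{m["ctx"]}'] += 1
            stats["resolver"][m["dst"]] += 1
            stats["client"][m["src"]] += 1
            stats["instance"][m["inst"]] += 1
        elif SUPPRESS.search(line):
            notices += 1
    return stats, notices

if __name__ == "__main__":
    stats, notices = summarize(SAMPLE)
    for name, counter in stats.items():
        print(f"{name:9}", counter.most_common(5))
    if notices:
        print(f"{notices} suppression notice(s): the counts above are a lower bound")
```

To run it against a real log, pass an open file object for /var/log/messages to `summarize` in place of `SAMPLE`.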
The same messages also continue to appear in take 84. That is quite a long time without adding the fix to a jumbo hotfix.
What is worse:
- the hotfix is only available by opening a support case, which for the majority of customers implies going through a partner, adding latency to the resolution
- SK182606 was created on 2024-08-21, before JHF 84 was out ("Released on 5 Sep 2024 and declared as Recommended on 18 Sep 2024"), and is still not listed in the known issues of any JHF
- in our case, upgrading from JHF 53 to 84, the bug was introduced by JHF 84!
In Take 76, Check Point TAC provided a hotfix for this DNS error, and I had to remove the hotfix Check Point provided in order to be able to upgrade to take 84. Not good.
Even the latest R81.20 take 89 still reports the same errors ...
I was seeing this in T76 and T84. Contacted TAC and was provided a portfix, and the issue is gone now.
Yep, a hotfix does exist, but it has not been added to any jumbo hotfixes yet, after being discovered such a long time ago.
Hi, this fix will be added to the next JHF releases for all versions.
Good news!
@Max_Frankl is this a gateway or a management related issue?
Security Gateway issue
Hi Max,
Same problem here with a Security Gateway in R81.20 JHF 89.
I have opened a case with TAC, and they indicate that there is no hotfix for Jumbo 89.
Do you have any news about when the hotfix for this Jumbo will be released?
I see many people have this same problem.
I just received the wrapper hotfix for take 89 today. Reach out to them again; they should have it already.
Hello @Max_Frankl,
We have the same issue with a new upgrade to R81.20 jumbo 89. Already have a case open with TAC; however, wanted to ask here if there is any workaround while we get the hotfix, or any ETA for the jumbo with the fix?
Regards
TAC told me this issue is fixed in R82.
Why then does sk182606 include R82 as Version?
Hi @RS_Daniel and all,
If you refer to sk182606 and the HF from this SK, then as Max mentioned, it was not yet released.
It will be released in the next jumbo, which we target to release during next week (the relevant PRJ for R81.20 from the SK is PRJ-56360).
Thanks
Matan.
I can confirm that error messages have disappeared after installation of R81.20 jumbo 90.
R81.20 Take 90 was released on 12 November 2024, but this information is missing from sk182606, and no reference to sk182606 is found in https://sc1.checkpoint.com/documents/Jumbo_HFA/R81.20/R81.20/Take_90.htm, only to PRJ-56360!
Hello Matan,
When we find logs like this "CMI APP 31 - DNS_DATA_SOURCE failed on context 201", how can we go deeper with investigation/troubleshooting? Is it possible to identify what context 201 is? Trying to find some useful command but no luck.
Hi @Richard_Wieser, the portfix was provided for T84?