Prabulingam_N1
Advisor

CPLogToSyslog process getting Terminated frequently

Dear All,

We have integrated ArcSight Syslog with Check Point R80.10 with JHF_Take_46 as per sk109016, sk115392, sk121334.

$FWDIR/state/SEAM/local.cplogtosyslog_policy.C is configured correctly.

For 2 days, ArcSight was receiving the logs, but then it stopped.

With "cpwd_admin list", the CPLogToSyslog process shows as Terminated. I tried restarting it as well, but no luck.

I took a CPLogToSyslog debug as well, but all it states is that UDP succeeded for the ArcSight IP on port 514.

Fwm.elg as well, with no clue.

Any help to see why the CPLogToSyslog process is getting Terminated constantly?

(No drops on the Firewall either, during restart of the CPLogToSyslog process or for the ArcSight IP.)

Regards, Prabulingam.N

8 Replies
PhoneBoy
Admin

Have you opened a TAC case, by chance?

0 Kudos
Prabulingam_N1
Advisor

Dear Dameon,

I had opened a TAC case for this but am awaiting inputs.

In the meanwhile I had also tried with Take_56 JHF and CPLogToSyslog_Take_56. No luck; the process is still getting terminated and logs are not getting forwarded.

Not sure whether there is any stability concern on Take_42 and Take_56 of the CPLogToSyslog HFs.

Regards, Prabulingam.N

0 Kudos
PhoneBoy
Admin

I recommend using the new Log Exporter tool instead of CPLogToSyslog: https://supportcenter.checkpoint.com/supportcenter/portal?action=portlets.SearchResultMainAction&eve...

0 Kudos
Prabulingam_N1
Advisor

Dear Dameon,

Yes, I could achieve good results using Log_Exporter instead of CPLogToSyslog.

Thanks to Yonatan as well.

Regards, Prabulingam.N

0 Kudos
RickHoppe
Advisor

We ran into crashes with CPLogToSyslog as well and replaced it with the EA of the Logout tool (sometimes also mentioned as Logexporter). Contact TAC for this.

My blog: https://checkpoint.engineer
0 Kudos
Prabulingam_N1
Advisor

Dear Rick/Dameon,

Thanks for your inputs.

I have not yet opened a TAC case.

But I had also observed this with another customer, where after a few days the CPLogToSyslog process gets terminated and doesn't come up.

Let me check this and probably I can update the result.

Regards, Prabulingam.N

0 Kudos
Yonatan_Philip
Employee Alumnus

Hello,

A new log exporting tool has been released. This tool will be replacing CPLogToSyslog.

You can find all relevant details in Logs Exporter - Check Point Logs Export.

The new tool has built-in CEF conversion which was developed in collaboration with Micro Focus.

Regards, Yonatan

0 Kudos
Prabulingam_N1
Advisor

Dear Yonatan,

Thanks for the heads-up. Let me try this.

Regards, Prabulingam.N

0 Kudos
