This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
viet_le_minh
Explorer
‎2019-03-05 07:07 AM

R80.20 Log Management have problems with display properly

I have problems with Log Server R80.20 as screenshot. Please guide me how I can fix this issue.

Log

0 Kudos
3 Replies
Danny
Champion Champion
Champion
‎2019-03-05 07:21 AM

Please run the latest Health Check and ccc script and show us their output. Thanks!

0 Kudos
viet_le_minh
Explorer
‎2019-03-05 07:36 AM
In response to Danny

Thanks for your reply

Here is my output:

+-----------------------------------------------------------------------+
| Physical System Checks |
+-----------------------+-------------------------------+---------------+
| Category | Title | Result |
+=======================+===============================+===============+
| System | Uptime | INFO |
| | OS Version | OK |
+-----------------------+-------------------------------+---------------+
| NTP | NTP Daemon | WARNING |
+-----------------------+-------------------------------+---------------+
| Disk Space | Free Disk Space | OK |
+-----------------------+-------------------------------+---------------+
| Memory | Physical Memory | OK |
| | Swap Memory | OK |
+-----------------------+-------------------------------+---------------+
| CPU | CPU idle% | OK |
| | CPU user% | OK |
| | CPU system% | OK |
| | CPU wait% | OK |
| | CPU interrupt% | OK |
+-----------------------+-------------------------------+---------------+
| Interface Stats | RX Errors | OK |
| | RX Drops | OK |
| | RX Missed Errors | OK |
| | RX Overruns | OK |
| | TX Errors | OK |
| | TX Drops | OK |
| | TX Carrier Errors | OK |
| | TX Overruns | OK |
+-----------------------+-------------------------------+---------------+
| Misc. Messages | Known Issues in Logs | OK |
+-----------------------+-------------------------------+---------------+
| Processes | Zombie Processes | WARNING |
| | Process Restarts | OK |
+-----------------------+-------------------------------+---------------+
| Core Files | Usermode Cores Present | WARNING |
| | Kernel Cores Present | OK |
+-----------------------+-------------------------------+---------------+
| Check Point | CPInfo Build Number | OK |
| | CPUSE Build Number | OK |
+-----------------------+-------------------------------+---------------+
| Debugs | Active tcpdump | OK |
| | Active Debug Processes | OK |
| | CPM Debugs | OK |
| | TDERROR Configured | OK |
+-----------------------+-------------------------------+---------------+

#################################
# Health Check Summary Report #
#################################

+-----------------------+
| System |
+-----------------------+
Uptime Check Info:
The system has been rebooted within the last week.
Please review "/var/log/messages" files (if they have not rolled over) if the system was not manually rebooted.


+-----------------------+
| NTP |
+-----------------------+
NTP Daemon: Unable to talk to the NTP daemon.

NTP Information:
Please use sk92602 and sk83820 for assistance with verifying NTP is configured and functioning properly.


+-----------------------+
| Processes |
+-----------------------+
1 zombie processes found.
PID COMMAND
5126 [cpm.sh] <defunct>

+-----------------------+
| Core Files |
+-----------------------+
Usermode Cores:
-rw-rw---- 1 admin root 9.3M Mar 5 15:49 CPMUSER.10147.20190305.154414.tar.gz
-rw-r--r-- 1 admin root 8.0M Feb 28 13:54 fwm.4782.core.gz
-rw-r--r-- 1 admin root 33M Mar 5 21:50 log_indexer.11071.core.gz
-rw-r--r-- 1 admin root 33M Mar 5 21:52 log_indexer.11473.core.gz
-rw-r--r-- 1 admin root 12M Feb 28 13:48 smartlog_server.13729.core.gz
-rw-r--r-- 1 admin root 11M Feb 27 13:11 smartlog_server.5366.core.gz

Core files detected on this system.
Please upload the following to Check Point for analysis:
-Current cpinfo from this system
-Usermode core files from /var/log/dump/usermode/


# Output Files:
#########################
A report with the above output and the results from each command run has been saved to the following log files:
/var/log/LOG01_health-check_201903052225.txt
/var/log/LOG01_health-check_201903052225.html
/var/log/LOG01_health-check_summary_201903052225.csv

------------------------------------------------ ccc v4.0 -
LOG01
-----------------------------------------------------------
System Firewall Management (with Smart Event)
Type VMware Virtual Platform
OS Gaia R80.20 JHF (Take 33) @ 64-bit
CPU 8 Cores | Load 1.05%
RAM 32 GB (Free: 18 GB) | Swapping 0 GB
Core dumps Present | Crash dumps: -
Uptime 56 minutes
-----------------------------------------------------------
Interfaces vmxnet3
RAID -
-----------------------------------------------------------

tail -n 20 /opt/CPsuite-R80.20/fw1/log/fwd.elg | more

CLogFormat::create failed - field already exists (dst_user_name) of type (string) !. format string: ("product" "string_id" "TCP packet out of state" "string_id" "tcp_flags" "strin
g_id" "src" "ipaddr" "s_port" "port" "dst" "ipaddr" "service" "port" "proto" "proto" "dst_user_name" "string" "dst_machine_name" "string" "__policy_id_tag" "string_id" "origin_sic_
name" "string_id" "dst_user_name" "string" "dst_machine_name" "string")

0 Kudos
viet_le_minh
Explorer
‎2019-03-06 11:35 PM

I find workaround solution for this case is disable "Indentity Logging" functioning in Log Server and "Indentity Awareness " in Gateway.

But I think we need to have a better solution.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events