I was trying to get external syslog sources feed into my SmartCenter database (R80.20).
My R80.20 gateway as just doing fine. But I couldn't see anything from various syslog sources.
I had it going in older versions so I was a bit puzzled.
Then I found cpsyslog stopped receiving syslog messages on port 514 and Security Management is configured to accept syslog connections. However, after reboot, Check Point's syslog process is listening on 127.0.0.1 instead of 0.0.0.0 and I started to tinker with it.
Now I have events from my syslog source but ..... there is no trace from any log from my R80.20 gateway to be found in my SmartCenter. As I made this change only yesterday I was expecting I would see the R80.20 gateway as ORIGIN at least untill I made the change. But even if I look at the last 30 days there is not a trace of the logs of my R80.20 gateway.
Has anyone seen this odd behaviour? My guess it is something odd in the SmartCenter. But I haven't been able to track it down yet. (And I haven't started a ticket yet as this is my lab.)