- Products
- Learn
- Local User Groups
- Partners
- More
What's New in R82.10?
Watch HereWhen the Agents Attack
A Live Look at Agentic Exposure Validation
AI Security Masters E8:
Claude Mythos: New Era in Cyber Security
CheckMates Go:
CheckMates Fest
Hi,
I have network logs on my gateway when I have stopped the manager (cpstop on SMS)
On the output of my "fw log -n - p" command on gateway, I see many connection logs on that time interval. When I search the connections on my Smartlog after cpstrat of my SMS, I could not see the same connection logs on the Smartlog.
What may be the reason? Does SMS gets the logs automatically after cpstart or that I should do some manuel process?
B.R.
hi,
Just to help here, I came across several 'issues' in R77.30 where once the logging stopped to a log server , it never restarted by itself.
Only way we found was to create a dummy object in the policy, add that as the log server, push policy, then put back the original log server object, push policy again.
This was the only foolproof method we found.
However If you want to configure gateways to send any locally collected logs to the SMS/MDS once the connection is back up, you need to go under Logs > Additional Logging on the gateway or cluster object and configure Forward Logs to Log Server and specify a time interval (midnight). This may be different in R80 but certainly worked in r77.30.
thanks
Peter
When SMS is unavailable, GWs switch to local logging. But you can manually copy the missing logs to the SMS, rebuild the index and all should be fine. Please check the document SMB security log files i wrote some time ago for details !
If I do not do this manuel process, all logs will be kept in the gateway. If I lost the gw, I will lost the logs also. I think it should be an automatic process as soon as SMS comes back online.
You need to push policy and after that gateway will start logging to SMS (in case 257/tcp port is reachable towards SMS and SMS is fully cpstarted).
Where did you get that information from ? There are some cases when policy install is necessary, but here, a cprestart on SMS will do the job. Afaik GW will connect again to the SMS when logging port 257 is open again for receiving...
The logic may be changed within R80.x, but as we are still using R77.30 (MDS / GW), it was observed like I described.
We are using 2 dedicated logservers, and in case 1 of them went down, the gateways will start logging locally no matter if logserver went up again in few minutes. We had to push the policy, or remove logserver which was down and push the policy to start logging only to one logserver. We will do maintenance on 1 logserver soon, so I can verify that behaviour again.
hi,
Just to help here, I came across several 'issues' in R77.30 where once the logging stopped to a log server , it never restarted by itself.
Only way we found was to create a dummy object in the policy, add that as the log server, push policy, then put back the original log server object, push policy again.
This was the only foolproof method we found.
However If you want to configure gateways to send any locally collected logs to the SMS/MDS once the connection is back up, you need to go under Logs > Additional Logging on the gateway or cluster object and configure Forward Logs to Log Server and specify a time interval (midnight). This may be different in R80 but certainly worked in r77.30.
thanks
Peter
Hi Peter,
Thank you for your reply.
As I understood, it is a scheduled (at midnight) process, gw does not send the logs as soon as the sms gets online. Am I right? Then, Is there a way to make it in that way?
BR
Hi ,
You can create a schedule object for whatever time you like
Thanks
Peter
I have scheduled as 3 minutes. It works. Thanks. Now the smartlog shows the outage logs and removes them from the gw.
There is a log file switch performed by default at midnight. Any other log file switches are additional.
If log file reached 2GB in size, then will be switched automatically.
I see - so what i said is only true for GW sending directly to SMS only (in that deployment, logging changed to SMS again).
Leaderboard
Epsum factorial non deposit quid pro quo hic escorol.
| User | Count |
|---|---|
| 66 | |
| 19 | |
| 8 | |
| 6 | |
| 6 | |
| 4 | |
| 4 | |
| 4 | |
| 3 | |
| 2 |
Thu 02 Jul 2026 @ 06:00 PM (CST)
Revolucionando la Seguridad con IA Generativa: Prevención Inteligente en Tiempo RealThu 09 Jul 2026 @ 10:00 AM (CEST)
Schutz souveräner Workloads: Check Point & die AWS European Sovereign CloudThu 09 Jul 2026 @ 11:00 AM (CEST)
The Cloud Architects Series: Check Point Edge Protection SD-WAN & SASETue 14 Jul 2026 @ 10:00 AM (PDT)
AI Security Masters E11: READY OR NOT: Securing the AI Enterprise 3/5 - AI Workforce SecurityThu 30 Jul 2026 @ 10:00 AM (PDT)
AI Security Masters E12: READY OR NOT: Securing the AI Enterprise 4/5 - AI GatewayThu 20 Aug 2026 @ 10:00 AM (PDT)
AI Security Masters E13: READY OR NOT: Securing the AI Ent 5/5 - AI Research & Threat LandscapeTue 14 Jul 2026 @ 10:00 AM (PDT)
AI Security Masters E11: READY OR NOT: Securing the AI Enterprise 3/5 - AI Workforce SecurityThu 30 Jul 2026 @ 10:00 AM (PDT)
AI Security Masters E12: READY OR NOT: Securing the AI Enterprise 4/5 - AI GatewayThu 20 Aug 2026 @ 10:00 AM (PDT)
AI Security Masters E13: READY OR NOT: Securing the AI Ent 5/5 - AI Research & Threat LandscapeThu 02 Jul 2026 @ 06:00 PM (CST)
Revolucionando la Seguridad con IA Generativa: Prevención Inteligente en Tiempo RealAbout CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY