Just reinstalled my setup, with build 94, after this I have 0 gateways or servers listed in the logs area. How can I debug this?
Hi Paul and all,
In R80 there is an easier way to see what is happening both in the log server and regarding Indexing.
You can run:
cpstat mg -f log_server
This will display information about logs currently received from GWs.
cpstat mg -f indexer
This will display the current state of the indexing
In case of dedicated Log Server or SmartEvent replace the mg with ls.
In general logs should be displayed once they are indexed in the system regardless if there are many other logs that are still not indexed.
Are you running SmartCenter with SmartEvent enabled?
Do you see logs in the "Logs" tab?
Can you run 'SmartEventCollectLogs' in expert mode and share it with me?
If this was an in-place upgrade, or you copied across a heap of logs from the old server, SmartLog could still be indexing them. I found my logs didn't show anything until the indexing had completed.
From the management server CLI (export mode) run "fw log -ft" and see if you're getting logsfrom the gateway(s). If there are new entires here then give it a bit of time (some hours potentially), and if there's still nothing start looking at SmartLog.
I have the same problem, I've disable smart event and correlation unit, enable again, install database, delete and add again correlation unit in the legacy smart event policy, install event policy etc and nothing results.
I receive logs and are indexed them.
Retrieving data ...