We are using a Check Point R77.30 firewall. The gateways are not sending logs to the Check Point management server. Does anyone have a similar issue?
I think I have the same issue. My coffee machine at home doesn't want to make cappuccino sometimes. Maybe you know the reason for that?
Information, details about the setup, logs, configs and settings, your actions and tests? Nobody will be able to help you without some basic input information.
I had this happen when my management server died and was offline for a couple of days while I rebuilt the RMA unit. I called support, and there is a way to go into each gateway and jog its memory. However, the simpler way was to do a policy push to each gateway/cluster that the management server managed.
- check management interface in GAIA GUI
- add no NAT rule from GW to Management
- add log rule (from GW to Management)
- check log port on Management (netstat -na | grep 257)
- do you see log traffic (tcpdump -i <ethx> port 257)
- check drops (fw ctl zdebug drop | grep 257)
- check log server in global properties
- check on GW the masters.cf file - the log server should be entered here
- see SK Troubleshooting Check Point logging issues when Security Management Server / Log Server is not receiving logs from Secur…
Otherwise open a Check Point ticket.
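The port-257 check from the list above can be turned into a per-gateway summary. This is an added example, not part of the original posts or any Check Point tooling: it parses Linux-style `netstat -na` output taken on the management/log server and reports whether TCP 257 is listening and which expected gateways hold an established session. The function name, sample output and gateway addresses are constructed for illustration, and only IPv4 peers are handled.

```shell
#!/bin/sh
# Added example: summarize `netstat -na` output from the management/log
# server for the log port (257) named in the checklist above.

# Constructed sample output (documentation-range addresses, not real hosts).
SAMPLE_NETSTAT='tcp        0      0 0.0.0.0:257        0.0.0.0:*          LISTEN
tcp        0      0 192.0.2.10:257     198.51.100.1:40112 ESTABLISHED
tcp        0      0 192.0.2.10:257     198.51.100.2:51874 TIME_WAIT
tcp        0      0 192.0.2.10:443     203.0.113.5:60211  ESTABLISHED'

# Hypothetical list of gateways that should be sending logs.
EXPECTED_GATEWAYS='198.51.100.1 198.51.100.2 198.51.100.3'

# check_log_port NETSTAT_TEXT "GW1 GW2 ..."
# Prints one status line per finding. Returns 0 only if port 257 is
# listening and every expected gateway has an ESTABLISHED session to it.
check_log_port() {
  printf '%s\n' "$1" | awk -v gws="$2" '
    # Only TCP sockets whose local address ends in exactly :257
    $1 ~ /^tcp/ && $4 ~ /:257$/ {
      if ($6 == "LISTEN") listening = 1
      if ($6 == "ESTABLISHED") { split($5, peer, ":"); up[peer[1]] = 1 }
    }
    END {
      rc = 0
      if (listening) print "LISTEN ok"
      else { print "LISTEN missing"; rc = 1 }
      n = split(gws, g, " ")
      for (i = 1; i <= n; i++) {
        if (g[i] in up) print "GW " g[i] " connected"
        else { print "GW " g[i] " no-session"; rc = 1 }
      }
      exit rc
    }'
}

# Stand-alone run against the constructed sample.
check_log_port "$SAMPLE_NETSTAT" "$EXPECTED_GATEWAYS" \
  || echo "logging path needs attention"
```

A gateway reported as `no-session` is the one to follow up on with the tcpdump, drop and masters file checks from the same list.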
One more tip, if your log server is separate from Mgmt then install database and then push policy.
In addition to the tips provided by Heiko Ankenbrand, check the free space on your log server; if there is not enough, create sufficient space. In most cases, the procedure below saved my day.
I like the idea but a dummy log server on the same IP can lead to problems. The problem is that the dummy and the original log server want to share port 257. There may be problems here.
If all these tips don't help, I'd open a ticket.
Any non-conflicting IP would work.
See sk38848, sk40090, sk108707 & sk66381
Heiko has provided nice steps to troubleshoot this issue. After going through all these steps, you will definitely come to a conclusion.