Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
srinidhi
Participant
Jump to solution

Error in Show logs API

Hi,

I am trying to get the Checkpoint logs using API from postman and I could see the below error.

I can see all the logs in the smart console. Please let me know if I need to change any settings.

Thanks

Screenshot 2022-11-14 at 5.59.06 PM.png

0 Kudos
2 Solutions

Accepted Solutions
Duane_Toler
Advisor

As @PhoneBoy said, your management should be your log server.  What do you get with the API call "show-checkpoint-host name <server name> details-level full"?  You should see:

 

  "management-blades" : {
...
   "logging-and-status" : true,
...
 }
...
  "logs-settings" : {
    "enable-log-indexing" : true,
...
  }

 

If not, then you need to enable the Logging blade on your management object as well as log indexing.  The show-logs API requires the indexer to be running.  Use SmartConsole to enable both options:

* Edit your management object, select the the "Logging and Status" checkbox in the Products list

* On the left tree, select Logs, and enable Log Indexing

* Click OK, publish changes

 

You'll have to wait for the indexer to load the logs into the database which can take time, depending on your log size and any historical logs.  If you need to load historical logs, then you'll need to use sk111766.

 

View solution in original post

0 Kudos
Amir_Senn
Employee
Employee

It only shows log server working in index mode. IDK if relevant in your case but if the server is not indexing the logs it might explain the error for no log servers available.

Kind regards, Amir Senn

View solution in original post

0 Kudos
19 Replies
srinidhi
Participant

Hi Thanks, but I see it works in the smart console, but in the API I get this error. So is there any specific settings to configure management server as log server .

0 Kudos
the_rock
Legend
Legend

Gotcha...just wondering, do you see anything from below command?

https://sc1.checkpoint.com/documents/latest/APIs/?#cli/show-logs~v1.8.1%20

Unless I dont see it, cant really locate section to configure log server, maybe someone else can chime in.

0 Kudos
srinidhi
Participant

I see server_error with the command

Screenshot 2022-11-14 at 7.34.21 PM.png

0 Kudos
the_rock
Legend
Legend

Can you try api restart?

0 Kudos
srinidhi
Participant

yes, but still the same error

0 Kudos
Duane_Toler
Advisor

You need "new-query.time-frame" as well.

0 Kudos
srinidhi
Participant

I get the same error as in the post, when I tried with new-query.time-frame

I assume that I need to configure management server as log server, but I am confused that I can see logs in the Smart Console,  not sure if I am right, Please let me know what are the steps to check and change log server configuration.

Screenshot 2022-11-14 at 11.28.38 PM.png

0 Kudos
PhoneBoy
Admin
Admin

The management server is the log server unless you've configured an external log and/or SmartEvent server.
What are the hardware specs on your management/log server?
Specify the amount of RAM, CPUs, and disk allocated.

0 Kudos
srinidhi
Participant

Please find the configuration

RAM - 11GB

CPU- 2 cores

Storage- 200GB

0 Kudos
Duane_Toler
Advisor

As @PhoneBoy said, your management should be your log server.  What do you get with the API call "show-checkpoint-host name <server name> details-level full"?  You should see:

 

  "management-blades" : {
...
   "logging-and-status" : true,
...
 }
...
  "logs-settings" : {
    "enable-log-indexing" : true,
...
  }

 

If not, then you need to enable the Logging blade on your management object as well as log indexing.  The show-logs API requires the indexer to be running.  Use SmartConsole to enable both options:

* Edit your management object, select the the "Logging and Status" checkbox in the Products list

* On the left tree, select Logs, and enable Log Indexing

* Click OK, publish changes

 

You'll have to wait for the indexer to load the logs into the database which can take time, depending on your log size and any historical logs.  If you need to load historical logs, then you'll need to use sk111766.

 

0 Kudos
srinidhi
Participant

Thanks, after enabling the log indexing, it is working

0 Kudos
PhoneBoy
Admin
Admin

What is your precise API call?
Also, version/JHF level?

0 Kudos
srinidhi
Participant

Please find my API call:

and the version is R81 take 392

Screenshot 2022-11-14 at 8.10.49 PM.png

 

0 Kudos
PhoneBoy
Admin
Admin

What are the hardware specs on your management/log server?
Specify RAM, CPUs, and disk allocated.

0 Kudos
the_rock
Legend
Legend

Not that good with API, but wanted to try this in the lab, except cant open https://mgmtIP:port/web-api link. Let me see whats missing.

0 Kudos
srinidhi
Participant

Please let me know if this works for you

curl --insecure -XPOST "https://mgmtIP:port/web-api /login" --data-binary "{\"user\": \"xxx\", \"password\": \”xxxx\"}" -H "Content-Type: application/json"

 

0 Kudos
the_rock
Legend
Legend

I replaced the values but says curl command not found.

0 Kudos
Amir_Senn
Employee
Employee

It only shows log server working in index mode. IDK if relevant in your case but if the server is not indexing the logs it might explain the error for no log servers available.

Kind regards, Amir Senn
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events