Create a Post
Sorin_Gogean
Advisor

Generic DataCenter details in logs

Jump to solution

Hello mates,

 

I have looked over the Generic DataCenter implementation and we are close to start using this type of objects, for different cases.

In one situation, we had used a script that was addressing some TOR resources, and adjusted it a bit, so it would keep the UUID , will address other IP lists resources, etc. .

Works well for quite some time, problem is that from time to time, I notice that the objects generated by/for this GDC are not refreshed for 1 - 2 days (or a bit more).

All I was able to catch in the FWL Logs is that the JSON file is "corrupted" so from there I've looked what/why. 

Checking why, I've noticed that process/script we use is not running anymore on the Management Server, not sure why it stopped running, I'll see if I have smth in the other system logs.

 

So what I'm after, is there a way we can get an alert when the retrieval of the JSON content fails, so we know and take action in case this happens ?

I tried to look into SmartEvents, but sadly I did not find a way for setting SmartEvents to look for specific LOG patterns and generate an alert on them .

 

Any idea, hint to follow would appreciate 😃 .

 

Thank you,

0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin
6 Replies
PhoneBoy
Admin
Admin

Can you post a screenshot of the log in question with sensitive data redacted?
Maybe there's something we can do with it.

0 Kudos
Sorin_Gogean
Advisor

Hello @PhoneBoy ,

 

Here you have the beginning and failure of the json reading/mapping .

There is not much, and I tried to search in any way, no luck. 

So if there is a possibility to create an SmartEvent alert based on anything from here (or just for failure alerts), would be great 😊.

Untitled.pngUntitled.png

 

 

Thank you,

0 Kudos
Alex-
Advisor

Not every log component is indexed or actionable. You can use the show-logs API on blade "Cloudguard IaaS" to get specific results for Control connections and filter from there, for instance for the Critical keywords. I'm not sure if it's what you're looking after though.

0 Kudos
Sorin_Gogean
Advisor

Hey Alex, 

 

Thank you for pointing that out, but not really what we wanted 😕, as I stated initially, we're using SmartEvent to perform certain actions in different cases, and in this case/situation I would like to be able to trigger an event from SmartEvent, that would be performed in the case of GDC update failure. 

With API, we can explore that path, but since SmartEvent is already running, we hoped that there is smth that we can achieve with it 😉.

 

Thank you,

0 Kudos
PhoneBoy
Admin
Admin

There is some stuff in the CloudGuard Controller Admin Guide about this point: https://sc1.checkpoint.com/documents/R81.10/WebAdminGuides/EN/CP_R81.10_CloudGuard_Controller_AdminG... 

Sorin_Gogean
Advisor

thank you sooo much @PhoneBoy , 

sometimes I wonder why I'm so "blind", as I looked on that page several times....

 

ty,

0 Kudos