This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Ihenock1011
Advisor
‎2024-12-16 06:03 AM

Checkpoint Log Server Origin

Hi All,

We have a Checkpoint Security Gateway and SMS Server running R81.10. Previously, all gateways sent logs to the SMS . After configuring a dedicated log server, the gateways are now sending logs to this log server. However, some gateways still show the SMS as the log server origin network reachability(Ping to the log server) is okay. What could be causing this issue, and how can we resolve it?

Thanks,

0 Kudos
11 Replies
the_rock
Legend
Legend
‎2024-12-16 07:24 AM

Hey bro,

How do you have below configured? That could be an issue.

Andy

 

Screenshot_1.png

0 Kudos
Ihenock1011
Advisor
‎2024-12-16 12:00 PM
In response to the_rock

Andy, the same way as your screenshot for all securitygateway.

0 Kudos
the_rock
Legend
Legend
‎2024-12-16 12:04 PM
In response to Ihenock1011

In my lab, no issues with it. I would need to see for myself to verify the config is right.

Andy

0 Kudos
AkosBakos
Leader Leader
Leader
‎2024-12-16 07:51 AM

Hi, 

A database install should help also 🙂

Akos

----------------
\m/_(>_<)_\m/
AkosBakos
Leader Leader
Leader
‎2024-12-16 07:57 AM

Hi @Ihenock1011 

I would like to comlement my earlier post 🙂

Dig a little bit deeper.

What does this comman say on the LOG server?

  • #cpstat ls  -f logging

All the clusters are listed, and some of them are "disconnected" state?

  • The logging uses TCP 257 -> this prot is open from the clusters to the LOG server?

And check this sk: https://support.checkpoint.com/results/sk/sk40090

Akos

 

----------------
\m/_(>_<)_\m/
the_rock
Legend
Legend
‎2024-12-16 11:53 AM
In response to AkosBakos

I applaud 1st and 2nd response brother 🙂

Andy

0 Kudos
Ihenock1011
Advisor
‎2024-12-16 09:38 PM
In response to AkosBakos

@AkosBakos Yes, for those security gateways in the cluster, the status shows disconnected. How can I resolve this issue then?

0 Kudos
AkosBakos
Leader Leader
Leader
‎2024-12-16 11:44 PM
In response to Ihenock1011

Hi @Ihenock1011 

Sorry, I'm in an another timezone 🙂

Because I don't know the exact situation, I suggest you to follow the steps in this sk:

And check this sk: https://support.checkpoint.com/results/sk/sk40090

First, I would start a really basic step: #telnet <LOGserverIP> 257 from the cluster

The LOG server is in the same subnet as the MGMT?

Akos

----------------
\m/_(>_<)_\m/
Ihenock1011
Advisor
‎2024-12-17 05:44 AM
In response to AkosBakos

Connectivity seems to be fine. I might need to create a TAC case to further investigate the issue. Thank You Guys for your usual help I will update you their response here.

the_rock
Legend
Legend
‎2024-12-17 05:47 AM
In response to Ihenock1011

Maybe before you open the case, just run tcpdumps on given port(s) and it will show you for sure if thats the problem.

Andy

the_rock
Legend
Legend
‎2024-12-17 04:28 AM
In response to Ihenock1011

Does it give a reason why they are disconnected? That could be why this is happening. Can you send a screenshot please?

Andy

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    Top