No Logs in Tracker After Migration

[jbailey01]

I migrated my management and log server from a Windows 2000 box to a SPLAT box. The migration went fine (I am able to push policy, log in, etc) but I am not seeing any traffic in Tracker. I have checked the mgmt server node and it is still set to be the log server. What else can I check?

Thanks.

[zyz101z]

Have you tried going to policy and doing a Install Database to your log/management servers?

[jbailey01]

Just tried that and there is no change - still not seeing traffic in Tracker.

[zyz101z]

Not sure that this would affect logging but did you switch the OS in your Management server object to secure platform? I guess the next thing I would try is a tcpdump on the management to see if you see the log traffic from your enforcement points. Also you could go to an enforcement point and do a fw log if its logging locally and see if you see anything in there regarding the traffic. Just some thoughts, I had a similiar issue once but I just needed to do the Database install.

[jbailey01]

I switched the OS on the mgmt server object without any change. Do you have any tcpdump docs? I've used it before when dealing with CP tech support, but cant remember the specifics.

[zyz101z]

I dont have any docs. But a quick overview.

Do a ifconfig -a .

This will give you the interface name. In this example we will use eth0 .

Then run the tcpdump command like so.

tcpdump -i eth0

Typically I will run it with grep but there are other ways as well. So say your enforcement point will be sourcing from 10.10.10.10 and you want so see if the packets are getting to the management server. Run as follows

tcpdump -i eth0 |grep 10.10.10.10

I think you have to be in expert mode to run tcpdump.

Hope this helps.

zyz101z

[kva.kva]

Quote:

zyz101z
tcpdump -i eth0 |grep 10.10.10.10

Another way
tcpdump -nne host 10.10.10.10