 | ||
 not logging | ||
| CPUG | |
| The Check Point User Group | |
| A Resource For The Check Point Community. Fast. Useful. Independent. | |
|
| |||||||
 |
| | LinkBack | Thread Tools | Display Modes |
 2006-09-04 | |||
| |||
 not logging Hi we just update a Smartcenter server and its not logging we update form r55 to r60 and the SCS apply the security policy with no problem but the smart view tracker do not log any event does any1 has a clue thanks  |
| 2006-09-05 | |||
| |||
| Re: not logging What platforms are you using? Are you logging back to your smartcenter server, or another platform? What is configured on your firewall objects for logging? Do you see any tcp/257 traffic leaving the firewalls going to the management server? |
| 2006-09-05 | |||
| |||
| Re: not logging the smart center server is in Windows2003 (updated to r60) and the Enforment module is a Nokia ipso 3.9 r60 (updated) the master log server in the enforcment is the Smart center server and i dont see any packet going on in the tracker |
| 2006-09-05 | |||
| |||
| Re: not logging Well, yeah, you're not going to see anything in Tracker if it's not logging... Try running tcpdump on the IPSO box for a while, looking for tcp/257 going from the firewall to the management server. Also take a look at the contents of $FWDIR/log. fw.log should be growing if it's now logging locally. I have sometimes seen logging get a bit messed up and require a restart on the module - normally they just detect that the log server is back up and deal with it. Occasionally they don't seem to properly deal with it though. If it's practical, you might like to try a stop/start on the module. You shouldn't _have_ to do that, but sometimes it seems to be required. Given that you've already pushed policy, it's reasonable to assume that it's not a SIC-related issue - nor should it be. You could try running fw log at the command line on the module, to get it to convert the logs into human-readable format on the command line, so you can doublecheck there's nothing odd in there, like changed anti-spoofing. Again, since you've been able to push policy, that shouldn't be an issue. Also, from the module, can you telnet to the management server on port 257, just to doublecheck that everything is cool at a routing level? |
| 2006-09-06 | |||
| |||
| Re: not logging A few months ago we also experienced the same problems. The module didn't log to the management station anymore. We had to stop/start the firewall daemons of the enforcement module to get the logs back to the management station. |
| 2006-09-06 | |||
| |||
| Re: not logging ok ill try to do that but its wierd 'cause you have to update first the smartcenter so is back online and the u upgrade the enforcment so should be online at all times ill try thanks |
| 2006-09-08 | |||
| |||
| Re: not logging ahh, gonna try that too, and i HAVEN'T upgraded, our security team just got onto me saying the last weeks worth of logs are empty, all i've got is log switch message and CA messages. (ie between 1 and 3 per day) nice of them to get onto me when it first started happeneing. |
|
| Thread Tools | |
| Display Modes | |
| |
Linear Mode
