 | ||
 Logs not visible to SmartView Tracker | ||
| CPUG | |
| The Check Point User Group | |
| A Resource For The Check Point Community. Fast. Useful. Independent. | |
|
| |||||||
 |
| | LinkBack | Thread Tools | Display Modes |
 2008-06-03 | |||
| |||
 Logs not visible to SmartView Tracker I have an issue with Logs in SmartView Tracker. We are using the following:- Check Point VPN-1(TM) & FireWall-1(R) NGX (R61) HFA_02, Hotfix 602 - Build 022 We have our Smartcenter Server that is used to administer 2 Firewalls (in 2 different Countries) i.e., 2 enforcement points and one Management Server. When I Login to the SmartView Tracker I expect to see the Logs from both the Firewalls but I see logs only for one of the Firewall (call it Firewall-A) . To check the Logs for the other (call it Firewall-B) I have only one option which is:- Tools->Remote Files Management-> Select the Firewall-B and then do a Log Switch to save the Active Log File and then do a Fetch Files to fetch the latest saved file. After fetching ,I need to open that file to check the logs. Some points that I had already checked:- Checked the Master File on the Enforcement Point is pointing to the SmartCenter server Performed cpstop/cpstart but to no effect. Also changed 'Log Forwarding settings' to check the box 'Forward log files to SmartCenter Server' and set schedule to Midnight. After midnight some logs were forwarded to the SmartCenter Server but not for the rest of the day till now. Earlier time stamp was incorrect but we figured that time was incorrect on the Firewall box, which we corrected. Even before that we contacted Checkpoint & they advised to appky a HotFix but doing that did not resolve our issue with the Logs. Can anyone please advise why I have to do this? Is there anything incorrectly configured on the Firewall ? How can I set the logging in such a way that all logs from Firewall-B will be logged in the default active fw.log file so that I can view logs for both the firewalls simply by running a Filter on the Origin ( in SmartView Tracker ) .  |
| 2008-06-03 | |||
| |||
| Re: Logs not visible to SmartView Tracker Hi, I have just posted a very similar issue about 1 hour ago and i think I may be on to something but need remote user to perform action to verify. The ammount of disk space on mgmt server is 500MB. the fw1 log file on the firewall module is 850 MB and a tcpdump see the mgmt server sending a fyn packet to the module when it tries to open a connection on port 257 (fw log) all the other fwall that are working have an fw log file of around 150 MB and are working fine. there are 25GB of logs on the mgmt server so I have asked the remote user to delete what he can to try and free up a few gb's and see where we go from there...... you might check for similar and let us know how you get on. and a side note can anyone explain as to why the fw1 logs are so big when all logging should be sent to managment server???? __________________ tdvit CCSA CCSE |
| 2008-06-04 | |||
| |||
| Re: Logs not visible to SmartView Tracker Try to run "Policy-->Install Database..." from Smart Dashboard, that fixed log problems for me. I had 2 nodes with one management server and only management server logs were visible in Tracker. |
| 2008-06-04 | |||
| |||
| Re: Logs not visible to SmartView Tracker cheers but that didnt do anything for me. also clearing down the space did nothing either (and restarted management server) can anyone offer any other ideas here? __________________ tdvit CCSA CCSE |
| 2008-06-06 | |||
| |||
| Re: Logs not visible to SmartView Tracker The Log file on the Firewall module is obviously not that large ( this being a newly configured firewall ) . Also I can see communication happening between the FW Module & the Management server, which is also seen in the Logs. I had run , Policy -> Install Database ( as I read it in some other thread in this forum) , earlier but that did not help. However I did that again. I had been through a 3hr long call with Checkpoint Support 2 days back but their troubleshooting did not yield any results either. Finally they asked me to send them the CPINFO file, fwd.elg file which I did but waiting for a reply even after 2days. I will catch up with them to see if they have a solution. This is really getting on my nerves. Though it is not a major issue because I can still see the logs but not being able to see them normally irritates me. |
| 2008-06-06 | |||
| |||
| Re: Logs not visible to SmartView Tracker Just a thought ..... You said the firewall module is set to send the logs back to tha master in the firewall object,... Can you confirm if this an Internal address with an Auto NAT on the object. As I have had to create a new Firewall Mgmt logs server but with a Manual Nat back to the Mgmt to resolve this sort of issue before. Only an idea!!! |
| 2008-06-06 | |||
| |||
| Re: Logs not visible to SmartView Tracker thanks for the reply. there is no nat taking place between mgmt server and module. however I have resolved the issue. after clearing down the space on mgmt server checkpoint needed to be restarted on fwall module and bingo we are back in business...... __________________ tdvit CCSA CCSE |
|
| Thread Tools | |
| Display Modes | |
| |
Linear Mode
