CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.

First, I hope you're all well and staying safe.
Second, I want to give a "heads up" that you should see more activity here shortly, and maybe a few cosmetic changes.
I'll post more details to the "Announcements" forum soon, so be on the lookout. -E


Results 1 to 2 of 2

Thread: Smart Event policy push, now nothing received

  1. #1
    Join Date
    Rep Power

    Default Smart Event policy push, now nothing received

    Hi friends,
    I recently tweaked a couple of threshold settings in my smart event policy. Like from 1 connection per 120 seconds to 4 connections per 120 seconds.
    I also changed an IPS setting for google talk to inactive.
    I pushed event policy and then pushed policy.
    Since this action I am no longer receiving any events.

    I'm running a standalone deployment (all on the one box). Smart monitor says all is connected, correlation etc. It says zero for stats, but it always has even when it worked.
    I see SIC errors, such as below, but they are throughout the logs for many many months.

    [CPSEAD 26268 1995163328]@smart-1[11 Nov 18:05:01] CPSEAD: Wed Nov 11 18:05:01 2015

    Error:failed to get log information from log server. There are SIC configuration problems.
    On the log server, check that:
    The file $FWDIR/conf/fwopsec.conf has the following default settings for lea_server
    # lea_server auth_port 18184
    # lea_server port 0
    If these settings have been deliberately changed in order to read Check Point logs with another tool
    find another free port to use with the auth_port method and configure this new port on Eventia in the following way:
    In Eventia GUI go to the policy tab. Go to General Settings > Objects > Network Objects and double-click on the Eventia
    object in order to see its details. In this screen you can configure the new lea port.
    If your current settings for the lea_server are not needed, please revert back to the default by performing the following:
    comment out the two lea_server lines

    [Expert@smart-1:0]# cpwd_admin list
    CPD 20505 E 1 [01:12:56] 14/12/2015 Y cpd
    FWD 26085 E 1 [18:04:49] 11/11/2015 N fwd -n
    FWM 13249 E 1 [07:07:12] 7/12/2015 N fwm
    STPR 26092 E 1 [18:04:52] 11/11/2015 N status_proxy
    DBSYNC 3368 E 1 [09:30:01] 27/11/2015 N dbsync
    SVR 26204 E 1 [18:04:59] 11/11/2015 N SVRServer
    CPSEMD 28998 E 1 [18:17:32] 11/11/2015 Y cpsemd
    CPSEAD 26268 E 1 [18:05:00] 11/11/2015 N cpsead
    CPWMD 26272 E 1 [18:05:03] 11/11/2015 N cpwmd -D -app SmartPortal
    CPHTTPD 26275 E 1 [18:05:03] 11/11/2015 N cp_http_server -f '/opt/CPportal-R75.40VS/portal/conf/cp_httpd_admin.conf'
    DASERVICE 26291 E 1 [18:05:05] 11/11/2015 N DAService_script
    LC_x.x.x.x 26324 E 1 [18:05:07] 11/11/2015 N log_consolidator -R -s x.x.x.x
    CPSM 13280 E 1 [07:07:21] 7/12/2015 N cpstat_monitor

  2. #2
    Join Date
    Rep Power

    Default Re: Smart Event policy push, now nothing received

    Hmm, 5 days later and life is normal again. Smart event is now publishing events dating back all the days to when I did the threshold change.
    Smart reporter missed a few daily reports with 'no details available'. But apart from that all good. I'm thinking the correlation was down during this time but obviously all data was received.

Similar Threads

  1. Not able to open smart event-R75.40
    By prasanth in forum Eventia Analyzer/Reporter/SmartView Reporter
    Replies: 2
    Last Post: 2013-03-20, 09:08
  2. Smart Center Server Migration to R71.30, no logs received
    By avilT in forum Installing And Upgrading
    Replies: 2
    Last Post: 2011-05-31, 19:55
  3. Can't push policy.
    By Maybedave in forum Installing And Upgrading
    Replies: 3
    Last Post: 2010-04-08, 20:24
  4. Is possible to log who have push the policy?
    By Thomas Riker in forum SmartView Tracker
    Replies: 3
    Last Post: 2009-11-03, 11:55
  5. can't load policy editor and push policy
    By yclee1981 in forum Sun Solaris
    Replies: 2
    Last Post: 2008-01-07, 23:20


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts