CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


Tim Hall has done it yet again - That's right, the 3rd edition is here!
You can read his announcement post here.
It's a massive upgrade focusing on current versions, and well worth checking out. -E

 

Results 1 to 10 of 10

Thread: syslog flooded

  1. #1
    Join Date
    2015-12-23
    Posts
    47
    Rep Power
    0

    Default syslog flooded

    Appliance 21600
    Gaia R77.10 with Jumbo 167
    VRRP cluster
    Blades: Firewall, IPSec VPN, IPS, Anti-Bot

    one of the cluster member is constantly flooded with these messages in syslog regardless whether it's the primary or backup. PID 6228 is confd.

    what could be causing this and how should I approach to resolve it? thanks in advance.

    Dec 23 13:05:57 FW01 xpand[6228]: The value of sensor could not be read
    Dec 23 13:05:57 FW01 xpand[6228]: cannot open sysfs file /sys/class/hwmon/hwmon0/device/in13_input ; skipping it
    Dec 23 13:05:57 FW01 xpand[6228]: The value of sensor could not be read
    Dec 23 13:05:57 FW01 xpand[6228]: cannot open sysfs file /sys/class/hwmon/hwmon0/device/in16_input ; skipping it
    Dec 23 13:05:57 FW01 xpand[6228]: The value of sensor could not be read
    Dec 23 13:05:57 FW01 xpand[6228]: cannot open sysfs file /sys/class/hwmon/hwmon0/device/in11_input ; skipping it
    Dec 23 13:05:57 FW01 xpand[6228]: The value of sensor could not be read
    Dec 23 13:05:57 FW01 xpand[6228]: cannot open sysfs file /sys/class/hwmon/hwmon0/device/in15_input ; skipping it
    Dec 23 13:05:57 FW01 xpand[6228]: The value of sensor could not be read
    Dec 23 13:05:57 FW01 xpand[6228]: cannot open sysfs file /sys/class/hwmon/hwmon0/device/in10_input ; skipping it
    Dec 23 13:05:57 FW01 xpand[6228]: The value of sensor could not be read
    Dec 23 13:05:57 FW01 xpand[6228]: cannot open sysfs file /sys/class/hwmon/hwmon0/device/in5_input ; skipping it
    Dec 23 13:05:57 FW01 xpand[6228]: The value of sensor could not be read
    Dec 23 13:05:57 FW01 xpand[6228]: cannot open sysfs file /sys/class/hwmon/hwmon0/device/in6_input ; skipping it
    Dec 23 13:05:57 FW01 xpand[6228]: The value of sensor could not be read
    Dec 23 13:05:57 FW01 xpand[6228]: cannot open sysfs file /sys/class/hwmon/hwmon0/device/in7_input ; skipping it
    Dec 23 13:05:57 FW01 xpand[6228]: The value of sensor could not be read
    Dec 23 13:05:57 FW01 xpand[6228]: cannot open sysfs file /sys/class/hwmon/hwmon0/device/in8_input ; skipping it
    Dec 23 13:05:57 FW01 xpand[6228]: The value of sensor could not be read
    Dec 23 13:05:57 FW01 xpand[6228]: cannot open sysfs file /sys/class/hwmon/hwmon0/device/in9_input ; skipping it
    Dec 23 13:05:57 FW01 xpand[6228]: The value of sensor could not be read
    Dec 23 13:05:57 FW01 xpand[6228]: cannot open sysfs file /sys/class/hwmon/hwmon0/device/in14_input ; skipping it
    Dec 23 13:05:57 FW01 xpand[6228]: The value of sensor could not be read
    Dec 23 13:05:57 FW01 xpand[6228]: cannot open sysfs file /sys/class/hwmon/hwmon0/device/in12_input ; skipping it
    Dec 23 13:05:57 FW01 xpand[6228]: The value of sensor could not be read
    Dec 23 13:05:57 FW01 xpand[6228]: cannot open sysfs file /sys/class/hwmon/hwmon0/device/in13_input ; skipping it
    Dec 23 13:05:57 FW01 xpand[6228]: The value of sensor could not be read
    Dec 23 13:05:57 FW01 xpand[6228]: cannot open sysfs file /sys/class/hwmon/hwmon0/device/in16_input ; skipping it
    Dec 23 13:05:57 FW01 xpand[6228]: The value of sensor could not be read
    Dec 23 13:05:57 FW01 xpand[6228]: cannot open sysfs file /sys/class/hwmon/hwmon0/device/in11_input ; skipping it
    Dec 23 13:05:57 FW01 xpand[6228]: The value of sensor could not be read
    Dec 23 13:05:57 FW01 xpand[6228]: cannot open sysfs file /sys/class/hwmon/hwmon0/device/in15_input ; skipping it
    Dec 23 13:05:57 FW01 xpand[6228]: The value of sensor could not be read
    Dec 23 13:05:57 FW01 xpand[6228]: cannot open sysfs file /sys/class/hwmon/hwmon0/device/fan6_input ; skipping it
    Dec 23 13:05:57 FW01 xpand[6228]: The value of sensor could not be read
    Dec 23 13:05:57 FW01 xpand[6228]: cannot open sysfs file /sys/class/hwmon/hwmon0/device/fan5_input ; skipping it
    Dec 23 13:05:57 FW01 xpand[6228]: The value of sensor could not be read
    Dec 23 13:05:57 FW01 xpand[6228]: cannot open sysfs file /sys/class/hwmon/hwmon0/device/fan8_input ; skipping it
    Dec 23 13:05:57 FW01 xpand[6228]: The value of sensor could not be read
    Dec 23 13:05:57 FW01 xpand[6228]: cannot open sysfs file /sys/class/hwmon/hwmon0/device/fan7_input ; skipping it
    Dec 23 13:05:57 FW01 xpand[6228]: The value of sensor could not be read
    Dec 23 13:05:57 FW01 xpand[6228]: cannot open sysfs file /sys/class/hwmon/hwmon0/device/fan10_input ; skipping it
    Dec 23 13:05:57 FW01 xpand[6228]: The value of sensor could not be read
    Dec 23 13:05:57 FW01 xpand[6228]: cannot open sysfs file /sys/class/hwmon/hwmon0/device/fan9_input ; skipping it
    Dec 23 13:05:57 FW01 xpand[6228]: The value of sensor could not be read
    Dec 23 13:05:57 FW01 xpand[6228]: cannot open sysfs file /sys/class/hwmon/hwmon0/device/fan2_input ; skipping it
    Dec 23 13:05:57 FW01 xpand[6228]: The value of sensor could not be read
    Dec 23 13:05:57 FW01 xpand[6228]: cannot open sysfs file /sys/class/hwmon/hwmon0/device/fan1_input ; skipping it
    Dec 23 13:05:57 FW01 xpand[6228]: The value of sensor could not be read
    Dec 23 13:05:57 FW01 xpand[6228]: cannot open sysfs file /sys/class/hwmon/hwmon0/device/fan4_input ; skipping it
    Dec 23 13:05:57 FW01 xpand[6228]: The value of sensor could not be read
    Dec 23 13:05:57 FW01 xpand[6228]: cannot open sysfs file /sys/class/hwmon/hwmon0/device/fan3_input ; skipping it
    Dec 23 13:05:57 FW01 xpand[6228]: The value of sensor could not be read
    Dec 23 13:05:57 FW01 xpand[6228]: cannot open sysfs file /sys/class/hwmon/hwmon0/device/temp6_input ; skipping it
    Dec 23 13:05:57 FW01 xpand[6228]: The value of sensor could not be read
    Dec 23 13:05:57 FW01 xpand[6228]: cannot open sysfs file /sys/class/hwmon/hwmon0/device/temp7_input ; skipping it
    Dec 23 13:05:57 FW01 xpand[6228]: The value of sensor could not be read
    Dec 23 13:05:57 FW01 xpand[6228]: cannot open sysfs file /sys/class/hwmon/hwmon0/device/temp1_input ; skipping it
    Dec 23 13:05:57 FW01 xpand[6228]: The value of sensor could not be read
    Dec 23 13:05:57 FW01 xpand[6228]: cannot open sysfs file /sys/class/hwmon/hwmon0/device/temp2_input ; skipping it
    Dec 23 13:05:57 FW01 xpand[6228]: The value of sensor could not be read

  2. #2
    Join Date
    2015-09-08
    Posts
    24
    Rep Power
    0

    Default Re: syslog flooded

    Quote Originally Posted by wayne0206 View Post
    Dec 23 13:05:57 FW01 xpand[6228]: The value of sensor could not be read
    Seems to be a known issue with hotfixes available throguh support:

    "The value of sensor could not be read" error in /var/log/messages file and SNMP Traps about hardware sensors are sent repeatedly"
    https://supportcenter.checkpoint.com...ionid=sk101898

    I'd assume that the second message is somehow related, but a hotfix would be a good start.

  3. #3
    Join Date
    2015-12-23
    Posts
    47
    Rep Power
    0

    Default Re: syslog flooded

    Quote Originally Posted by wyndfx View Post
    Seems to be a known issue with hotfixes available throguh support:

    "The value of sensor could not be read" error in /var/log/messages file and SNMP Traps about hardware sensors are sent repeatedly"
    https://supportcenter.checkpoint.com...ionid=sk101898

    I'd assume that the second message is somehow related, but a hotfix would be a good start.
    I am aware of the bug mentioned in sk101898. this is a different issue. as I dig a bit deeper, I notice the gateway is missing a folder "hwmon0" in /etc/class/hwmon. this cluster pair was built identical and i am not sure how this happen. trying to find out whether i can copy this directory from the other cluster member.

  4. #4
    Join Date
    2011-08-02
    Location
    http://spikefishsolutions.com
    Posts
    1,657
    Rep Power
    10

    Default Re: syslog flooded

    Quote Originally Posted by wayne0206 View Post
    I am aware of the bug mentioned in sk101898. this is a different issue. as I dig a bit deeper, I notice the gateway is missing a folder "hwmon0" in /etc/class/hwmon. this cluster pair was built identical and i am not sure how this happen. trying to find out whether i can copy this directory from the other cluster member.
    so /sys/class is a special filesystem. Everything in there is dynamically created by the kernel. I think to figure out what the problem is you should be trying to figure out what those files hold on the working one. Then you can figure out what hardware isn't being monitored correctly and for what reason.

  5. #5
    Join Date
    2011-08-02
    Location
    http://spikefishsolutions.com
    Posts
    1,657
    Rep Power
    10

    Default Re: syslog flooded

    Quote Originally Posted by wayne0206 View Post
    I am aware of the bug mentioned in sk101898. this is a different issue. as I dig a bit deeper, I notice the gateway is missing a folder "hwmon0" in /etc/class/hwmon. this cluster pair was built identical and i am not sure how this happen. trying to find out whether i can copy this directory from the other cluster member.
    Can you compare the output of


    lsmod

    on both members? I think that is where the drive for hardware monitoring is coming from. should be a hwmon loaded on both.

  6. #6
    Join Date
    2015-12-23
    Posts
    47
    Rep Power
    0

    Default Re: syslog flooded

    please see attachment


    [Expert@FW01:0]# ls 僕R /sys/class/hwmon/
    ls: 僕R: No such file or directory
    /sys/class/hwmon/:


    [Expert@FW02:0]# ls 僕R /sys/class/hwmon/
    ls: 僕R: No such file or directory
    /sys/class/hwmon/:
    hwmon0
    Attached Thumbnails Attached Thumbnails Click image for larger version. 

Name:	chinetfw lsmod compare.jpg 
Views:	113 
Size:	370.7 KB 
ID:	1053  

  7. #7
    Join Date
    2011-08-02
    Location
    http://spikefishsolutions.com
    Posts
    1,657
    Rep Power
    10

    Default Re: syslog flooded

    Quote Originally Posted by wayne0206 View Post
    please see attachment


    [Expert@FW01:0]# ls 僕R /sys/class/hwmon/
    ls: 僕R: No such file or directory
    /sys/class/hwmon/:


    [Expert@FW02:0]# ls 僕R /sys/class/hwmon/
    ls: 僕R: No such file or directory
    /sys/class/hwmon/:
    hwmon0
    Something with your ls command seems odd. i'm not sure why its saying no such file or directory. Could be you have the unicode super long dash and ls isn't understanding thats a "-". I'm guessing you did a copy/paste. do it by hand this time.

    Also if you want to compare the lsmod output sort it before doing the compare.

    lsmod | sort

    that way the output is more uniform and can be diffed correctly.

    Happy holidays!

  8. #8
    Join Date
    2015-12-23
    Posts
    47
    Rep Power
    0

    Default Re: syslog flooded

    Quote Originally Posted by jflemingeds View Post
    Something with your ls command seems odd. i'm not sure why its saying no such file or directory. Could be you have the unicode super long dash and ls isn't understanding thats a "-". I'm guessing you did a copy/paste. do it by hand this time.

    Also if you want to compare the lsmod output sort it before doing the compare.

    lsmod | sort

    that way the output is more uniform and can be diffed correctly.

    Happy holidays!

    ;) here it is again.
    Click image for larger version. 

Name:	fw lsmod compare2.jpg 
Views:	119 
Size:	466.7 KB 
ID:	1054

    [Expert@FW01:0]# ls -lR /sys/class/hwmon/
    /sys/class/hwmon/:
    total 0
    [Expert@FW01:0]#




    [Expert@FW02:0]# ls -lR /sys/class/hwmon/
    /sys/class/hwmon/:
    total 0
    drwxr-xr-x 2 admin root 0 Dec 24 12:35 hwmon0

    /sys/class/hwmon/hwmon0:
    total 0
    lrwxrwxrwx 1 admin root 0 Dec 20 00:26 device -> ../../../devices/pci0000:00/0000:00:1f.3/i2c-0/0-002e
    lrwxrwxrwx 1 admin root 0 Dec 24 12:35 subsystem -> ../../../class/hwmon
    --w------- 1 admin root 4096 Dec 24 12:35 uevent

  9. #9
    Join Date
    2011-08-02
    Location
    http://spikefishsolutions.com
    Posts
    1,657
    Rep Power
    10

    Default Re: syslog flooded

    The only difference i'm really seeing is it looks like you have a driver do a scsi cdrom loaded. Seems a little strange but i don't see how that would effect anything.

    Anything interesting in dmesg? You may also want to attach something to the console so that you can capture all logged output during a boot up and then poke around in there.

    Just wondering.. was that all the output? I see the scroll bar. Just making sure there wasn't anything else we're not seeing.

  10. #10
    Join Date
    2015-12-23
    Posts
    47
    Rep Power
    0

    Default Re: syslog flooded

    thanks for your help. checkpoint is RMA my gateway.

Similar Threads

  1. Voyager syslog
    By jeronimo in forum Check Point IP Appliances and IPSO (Formerly Sold By Nokia)
    Replies: 0
    Last Post: 2012-09-19, 03:46
  2. How is fw log to Syslog Server on UTM-1 270 - Please HELP!
    By gorhon in forum SmartView Tracker
    Replies: 8
    Last Post: 2010-03-16, 14:49
  3. how to log to the syslog server
    By venkatnarayana in forum SmartView Tracker
    Replies: 0
    Last Post: 2008-02-25, 00:08
  4. SYSLOG
    By robori in forum SmartView Tracker
    Replies: 3
    Last Post: 2006-12-26, 18:29
  5. syslog
    By herrmadbeef in forum Services (TCP, UDP, ICMP, etc.)
    Replies: 1
    Last Post: 2006-09-02, 01:08

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •