CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.



Thread: VSX - Virtual Systems not sending logs to MDS

  1. #1
    Join Date
    2017-09-10
    Posts
    38
    Rep Power
    0

    Default VSX - Virtual Systems not sending logs to MDS

    Hello

    I have a 12,400 series VSX device in our production environment. It is running Gaia R77.30. It has four virtual systems, out of which two are not sending logs to MDS.

    I created a new log file and switched the log file to the new one; it did not work.
    I created a dummy log server and changed the log server to the dummy server on the VSX cluster objects where these problematic virtual systems are, installed the policy and reverted the changes; it did not work either.

    Check Point suggested that we do a reboot, but I would like to know if there is anything else that can be done?

    Thanks in advance
    Ravindra

  2. #2
    Join Date
    2006-03-08
    Location
    Lausanne
    Posts
    1,028
    Rep Power
    14

    Default Re: VSX - Virtual Systems not sending logs to MDS

    anything in between VSX cluster and MDS?
    -------------

    Valeri Loukine
    CCMA, CCSM, CCSI
    http://checkpoint-master-architect.blogspot.com/

  3. #3
    Join Date
    2017-09-10
    Posts
    38
    Rep Power
    0

    Default Re: VSX - Virtual Systems not sending logs to MDS

    Quote Originally Posted by varera View Post
    anything in between VSX cluster and MDS?
    Yes, there are a couple of switches

  4. #4
    Join Date
    2006-03-08
    Location
    Lausanne
    Posts
    1,028
    Rep Power
    14

    Default Re: VSX - Virtual Systems not sending logs to MDS

    Quote Originally Posted by ravindra692 View Post
    Yes, there are a couple of switches
    so no Fws. Check if your policies on VS0 allow communications between MLM and VSs. Otherwise, config issue
    -------------

    Valeri Loukine
    CCMA, CCSM, CCSI
    http://checkpoint-master-architect.blogspot.com/

  5. #5
    Join Date
    2017-09-10
    Posts
    38
    Rep Power
    0

    Default Re: VSX - Virtual Systems not sending logs to MDS

    Quote Originally Posted by varera View Post
    so no Fws. Check if your policies on VS0 allow communications between MLM and VSs. Otherwise, config issue
    VS0 allows communication with the MLM. Reboot did not work either. In our case our MDS acts as an MLM too.
    Last edited by ravindra692; 2017-12-22 at 09:33.

  6. #6
    Join Date
    2011-08-02
    Location
    http://spikefishsolutions.com
    Posts
    1,637
    Rep Power
    9

    Default Re: VSX - Virtual Systems not sending logs to MDS

    Quote Originally Posted by ravindra692 View Post
    VS0 allows communication with the MLM. Reboot did not work either. In our case our MDS acts as an MLM too.
    Haven't played with VSX enough to know, but do all VSs log from the same address or does each VS log from a different IP?

    If they are different I would check netstat -anp | grep 257

    See if the TCP is connected. Check from both ends, Mgmt and CMA.

    If it was a normal gateway I would also throw out restarting fwd. Not sure if that applies to VSX or not.

  7. #7
    Join Date
    2007-03-30
    Location
    DFW, TX
    Posts
    272
    Rep Power
    12

    Default Re: VSX - Virtual Systems not sending logs to MDS

    Quote Originally Posted by jflemingeds View Post
    Haven't played with VSX enough to know, but do all VSs log from the same address or does each VS log from a different IP?

    If they are different I would check netstat -anp | grep 257

    See if the TCP is connected. Check from both ends, Mgmt and CMA.

    If it was a normal gateway I would also throw out restarting fwd. Not sure if that applies to VSX or not.
    Old VSX (<=R67) had a single fwd process, but logs were kind of weird. It ran one instance of a process called cplogd, which opened many connections (one per VS) to the log servers. Each VS could conceivably still log either centrally or locally. -HUPing fwd or cplogd could help here.

    New VSX (>=R75.40VS) has an fwd per context. Each fwd opens a single connection. They all go from the management IP of the VSX cluster. The only policy they should hit on the outbound leg is the chassis policy. Failure of two separate processes is certainly possible.

    1. I'd check the 'cpwd_admin list' to see if anything shows a status of 'T' (terminated).
    2. If not, I would then check the output of 'netstat -anp | grep ":257"' as suggested earlier. Pay special attention to the processes for the VSs which are not logging.
    3. If the VSs which aren't logging show running fwd instances and those instances have ESTABLISHED connections to the expected log server, I would try 'kill -HUP' on the fwd instances for the VSs which are not logging.
    Last edited by Bob_Zimmerman; 2017-12-22 at 18:11.
    Zimmie
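
An added example, not part of the thread and not Check Point code: the three checks from the post above as a shell script, run over constructed sample text. The `cpwd_admin list` column layout, the addresses and the PIDs passed to `classify_fwd` are assumptions; the script only reports and never signals a process.

```shell
#!/bin/sh
# Added example. Sample text below is constructed; column layouts are assumptions.

sample_cpwd() {   # shaped like 'cpwd_admin list' output (assumed columns)
cat <<'EOF'
APP   PID   STAT  #START  START_TIME             MON  COMMAND
CPD   4510  E     1       [09:12:01] 22/12/2017  Y    cpd
FWD   0     T     3       [09:40:17] 22/12/2017  N    fwd
EOF
}

sample_netstat() {   # shaped like Linux 'netstat -anp' TCP lines
cat <<'EOF'
tcp   0   0 192.0.2.10:40112   192.0.2.50:257    ESTABLISHED 4533/fwd
tcp   0   0 192.0.2.10:40120   192.0.2.50:257    ESTABLISHED 5121/fwd
tcp   0   1 192.0.2.10:40131   192.0.2.50:257    SYN_SENT    5377/fwd
tcp   0   0 192.0.2.10:22      192.0.2.99:51514  ESTABLISHED 2201/sshd
EOF
}

# Step 1: names of watchdog apps whose STAT column is T (terminated).
# The STAT column is located from the header row, not hard-coded.
terminated_apps() {
  awk 'NR == 1 { for (i = 1; i <= NF; i++) if ($i == "STAT") c = i; next }
       c && $c == "T" { print $1 }'
}

# Step 2: "PID STATE" for every fwd connection to remote port 257.
fwd_log_conns() {
  awk '$1 ~ /^tcp/ && $5 ~ /:257$/ && $7 ~ /\/fwd$/ {
         split($7, p, "/"); print p[1], $6 }'
}

# Step 3: classify the fwd PIDs of the non-logging VSs (given as arguments).
# A running fwd with an ESTABLISHED log connection is the 'kill -HUP' case.
classify_fwd() {
  conns=$(fwd_log_conns)
  for pid in "$@"; do
    if printf '%s\n' "$conns" | grep -qx "$pid ESTABLISHED"; then
      echo "$pid hup-candidate"
    else
      echo "$pid no-established-connection"
    fi
  done
}

sample_cpwd | terminated_apps
sample_netstat | classify_fwd 5121 5377
```

On a gateway, the real `cpwd_admin list` and `netstat -anp` output would be piped into the same functions in place of the sample text.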

  8. #8
    Join Date
    2017-09-10
    Posts
    38
    Rep Power
    0

    Default Re: VSX - Virtual Systems not sending logs to MDS

    I actually checked the output of 'netstat -anp | grep ":257"'; the connection with the MDS is established. The Masters file is also good.
    I got the logs back after I did a log switch on the VS and reboot. I do not know if this is a permanent fix or a workaround, but doing this got me the visibility on the logs.

    Thanks,
    Ravindra
