CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


Tim Hall has done it again! He has just released the 2nd edition of "Max Power".
Rather than get into details here, I urge you to check out this announcement post.
It's a massive upgrade, and well worth checking out. -E

 

Results 1 to 4 of 4

Thread: Command to see if FW's are sending logs to Log server

  1. #1
    Join Date
    2016-10-19
    Posts
    42
    Rep Power
    0

    Default Command to see if FW's are sending logs to Log server

    Hello Guys

    Is there any command for dedicated log servers to check how many logs are being received from each gateway/ number of total logs per sec/ indexing stats?

    I used cpstat -f log_server mg & cpstat -f indexer mg when we used to used to do logging on the Management server. But my log server is not accepting the syntax.

    Am i using wrong syntax or is there a new command?

    Mgmt server and Log server are running R80

    Thanks.

  2. #2
    Join Date
    2011-08-02
    Location
    http://spikefishsolutions.com
    Posts
    1,637
    Rep Power
    9

    Default Re: Command to see if FW's are sending logs to Log server

    Quote Originally Posted by venkata View Post
    Hello Guys

    Is there any command for dedicated log servers to check how many logs are being received from each gateway/ number of total logs per sec/ indexing stats?

    I used cpstat -f log_server mg & cpstat -f indexer mg when we used to used to do logging on the Management server. But my log server is not accepting the syntax.

    Am i using wrong syntax or is there a new command?

    Mgmt server and Log server are running R80

    Thanks.
    netstat -anp | grep 257

    should show something. 1 per gateway and should always be established. Granted just because there is an estblished connection doesn't mean its logging anything. Not super friendly output. ditch -n if you have working DNS resolution.

  3. #3
    Join Date
    2016-10-19
    Posts
    42
    Rep Power
    0

    Default Re: Command to see if FW's are sending logs to Log server

    Hello Team,

    Any commands similar to cpstat -f log_server mg and cpstat -f indexer mg for R80 Log server? Looks like the "mg" is not available in Log server's cpstat syntax. The reason why I am asking to see if the indexer is stuck somewhere or running into some errors as my logs are now 30mins behind, so i am expecting indexing is being not done right.

    My current options are to clear some disk space/cache memory.

    Any other thoughts on logs being behind the time?

    Thanks.

  4. #4
    Join Date
    2016-10-19
    Posts
    42
    Rep Power
    0

    Default Re: Command to see if FW's are sending logs to Log server

    So, just want to update the thread.

    #cpstat -f logging ls
    #cpstat -f indexer ls

    These are the commands to check logs from each node and status of the indexer.

    Thanks for the help as always!

Similar Threads

  1. Replies: 5
    Last Post: 2015-06-18, 05:58
  2. R75.40 not sending logs to mgt server...
    By cpusername in forum Security Management Server (Formerly SmartCenter Server ((Formerly Management Server))
    Replies: 11
    Last Post: 2014-03-29, 22:49
  3. problem sending Checkpoint logs to syslog server
    By ddganti in forum Check Point SecurePlatform (SPLAT)
    Replies: 4
    Last Post: 2014-01-28, 10:07
  4. Logs from Nokia Gateway is not sending to smartcenter Server
    By ecesureshkumar in forum Check Point IP Appliances and IPSO (Formerly Sold By Nokia)
    Replies: 4
    Last Post: 2013-09-17, 15:26
  5. Firewalls not sending Logs to MGT server since HDD full
    By hotice_ in forum Security Management Server (Formerly SmartCenter Server ((Formerly Management Server))
    Replies: 2
    Last Post: 2007-11-21, 12:16

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •