|Check Point Logging Troubleshooting Guide|
|Firewalls - Checkpoint|
|Monday, 25 January 2010 09:19|
Below are some basic guidelines for troubleshooting Check Point logging issues.
Please note: this guide does not cover OPSEC LEA based issues.
Are the logs being sent to the manager?
First of all, are the logs being sent to the SmartCentre Manager or the relevant Log Manager? We can check this by confirming, on both the gateway and the manager, whether the gateway is sending the log packets on the FW Log port, tcp/257. To do this, use either or both of the following commands:
If the gateway is not sending the logs, this can be down to one of the following issues:
The SmartCentre / Log Manager is not receiving the logs
If the gateway is sending the logs but the SmartCentre / Log Manager is not receiving them, then either a device between the two nodes is blocking the packets or there is a routing issue.
Why are the logs not being displayed within SmartView Tracker?
So the manager is receiving the logs, but you may still not see them within SmartView Tracker. This will be down to either the FWD (Firewall Daemon) or corrupted log files.
Log Files Corrupted
If the log files are corrupted, you should expect to see no logs within SmartView Tracker. If this is the case, you will need to carry out the following steps:
Full details can be found in Check Point's KB under Solution ID sk6432.
Only some of the logs are not being displayed
If only some of the logs are not being displayed then this could point to an issue with the trust between the manager and the gateway.
root@cp-mgnt# fw debug fwd on TDERROR_ALL_ALL=5
Within these steps we first enable the debug. We then run a live tail on the log file and grep the live tail for a specific error. The live tail allows us to view the end of the log file in real time. Finally, we turn off the debug.
Below is an example of a SIC trust error between the Gateway and Manager, taken from $FWDIR/log/fwd.elg:
[FWD 2177 1]@cp-mgnt[22 Jan 14:47:32] fwCert_ValCerts: Certificate is revoked. CN=cp-fw1,O=cp-mgnt..bizt7z
In this instance resetting SIC would resolve this issue.
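When several gateways log to the same manager, it helps to see which of them are producing the certificate error before resetting SIC. The following is an added example, not part of the original guide and not Check Point tooling: a shell function that summarises fwCert_ValCerts errors in fwd.elg per gateway CN. It assumes every line follows the layout of the single sample above; the function names and all sample lines except the first are constructed.

```shell
#!/bin/sh
# Added example (not Check Point tooling): summarise SIC certificate errors
# recorded in fwd.elg, one output row per gateway CN and error text.
# Assumption: lines follow the layout of the single sample on this page,
#   [FWD pid n]@host[DD Mon HH:MM:SS] fwCert_ValCerts: <reason> CN=<name>,O=<ica>

sic_cert_errors() {
    # $1 = log file; defaults to the path named on this page
    awk '
    /fwCert_ValCerts:/ {
        rest = substr($0, index($0, "]@") + 2)   # "host[timestamp] message"
        ts = substr(rest, index(rest, "[") + 1)
        ts = substr(ts, 1, index(ts, "]") - 1)   # e.g. "22 Jan 14:47:32"
        msg = $0
        sub(/^.*fwCert_ValCerts: */, "", msg)
        cn = "unknown"
        if (msg ~ /CN=/) {
            cn = msg
            sub(/^.*CN=/, "", cn)                # start of the common name
            sub(/,.*$/, "", cn)                  # stop at the next DN component
        }
        reason = msg
        sub(/ *CN=.*$/, "", reason)              # error text without the DN
        key = cn "\t" reason
        count[key]++
        last[key] = ts                           # log is chronological: last wins
    }
    END {
        for (k in count) printf "%s\t%d\t%s\n", k, count[k], last[k]
    }' "${1:-$FWDIR/log/fwd.elg}" | sort
}

# Constructed sample input. The first line is the one quoted on this page;
# the others are invented in the same layout for illustration.
write_sample_elg() {
    cat > "$1" <<'EOF'
[FWD 2177 1]@cp-mgnt[22 Jan 14:47:32] fwCert_ValCerts: Certificate is revoked. CN=cp-fw1,O=cp-mgnt..bizt7z
[FWD 2177 1]@cp-mgnt[22 Jan 14:47:40] sample_unrelated_debug_line: ok
[FWD 2177 1]@cp-mgnt[22 Jan 14:48:02] fwCert_ValCerts: Certificate is revoked. CN=cp-fw1,O=cp-mgnt..bizt7z
[FWD 2177 1]@cp-mgnt[22 Jan 14:49:10] fwCert_ValCerts: Certificate is revoked. CN=cp-fw2,O=cp-mgnt..bizt7z
EOF
}

if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp) && write_sample_elg "$tmp" && sic_cert_errors "$tmp"; rm -f "$tmp"
fi
```

Each output row is tab-separated: gateway CN, error text, number of occurrences, and the time the error was last seen.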