{"id":361,"date":"2010-01-25T09:19:27","date_gmt":"2010-01-25T09:19:27","guid":{"rendered":"https:\/\/fir3netwp.gmsrrpobkbd.com\/2010\/01\/25\/there-are-no-checkpoint-logs\/"},"modified":"2023-01-15T23:00:17","modified_gmt":"2023-01-15T23:00:17","slug":"there-are-no-checkpoint-logs","status":"publish","type":"post","link":"https:\/\/www.fir3net.com\/Firewalls\/Checkpoint\/there-are-no-checkpoint-logs.html","title":{"rendered":"Check Point Logging Troubleshooting Guide"},"content":{"rendered":"
Below are some basic guidelines for troubleshooting Check Point Logging issues.<\/p>\n
Please note: <\/em>This guide does not cover OPSEC LEA based issues.<\/p>\n <\/p>\n Ok, so first of all, are the logs being sent to the SmartCentre Manager or the necessary Log Manager? We can check this by confirming, on both the gateway and the manager, whether the gateway is sending the log packets on the FW Log port tcp\/257. To do this use either or both of the following commands,<\/p>\n If the gateway is not sending the logs then this can be down to one of the following issues,<\/p>\n If the gateway is sending the logs but the SmartCentre \/ Log Manager is not receiving them, then either a device between the 2 nodes is blocking the packets or there is a routing issue.<\/p>\n Why are the logs not being displayed within SmartView Tracker?<\/strong><\/p>\n Ok, so the manager is receiving the logs, but you may still not see them within SmartView Tracker. This will be down to either the FWD (Firewall Daemon) or the log files being corrupted.<\/p>\n If the log files are corrupted you should expect to see no logs within SmartView Tracker. If this is the case you will need to action the following steps:<\/p>\n Full details can be found in Check Point's KB under Solution ID sk6432.<\/p>\n If only some of the logs are not being displayed then this could point to an issue with the trust between the manager and the gateway. In these steps we first enable the debug, then run a live tail on the log file, and then run a grep on the live tail for a specific error. The live tail allows us to view the end of the log file in real time. Finally, we turn off the debug.<\/p>\n Below is an example of an error with the SIC trust between the Gateway and Manager, obtained from $FWDIR\/log\/fwd.elg,<\/p>\n In this instance resetting SIC <\/a>would resolve this issue.<\/p>\n","protected":false},"excerpt":{"rendered":" Below are some basic guidelines for troubleshooting Check Point Logging issues. 
Please note: This guide does not cover OPSEC LEA based issues. Please note: The FWD (Firewall Daemon) is responsible for sending and receiving the Check Point logs on port tcp\/257. logs being sent to the manager … Read more<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[17],"tags":[],"yoast_head":"\n
\nPlease note: <\/em>The FWD (Firewall Daemon) is responsible for sending and receiving the Check Point logs on port tcp\/257.<\/p>\nlogs being sent to the manager?<\/strong><\/h2>\n
\n
\n
The SmartCentre \/ Log Manager is not receiving the logs<\/strong><\/h2>\n
Log Files Corrupted<\/span><\/h3>\n
\n
Only some of the logs are not being displayed<\/span><\/h3>\n
\nTo confirm the issue you will need to debug FWD using the following steps.<\/p>\nroot@cp-mgnt# fw debug fwd on TDERROR_ALL_ALL=5\r\nroot@cp-mgnt# tail -f $FWDIR\/log\/fwd.elg\r\nroot@cp-mgnt# tail -f $FWDIR\/log\/fwd.elg | grep -i \"Certificate is revoked\"\r\nroot@cp-mgnt# fw debug fwd off<\/pre>\n
[FWD 2177 1]@cp-mgnt[22 Jan 14:47:32] fwCert_ValCerts: Certificate is revoked. CN=cp-fw1,O=cp-m\r\ngnt..bizt7z\r\n[FWD 2177 1]@cp-mgnt[22 Jan 14:47:41] fwCert_ValCerts: Certificate is revoked. CN=cp-fw2,O=cp-m\r\ngnt..bizt7z<\/pre>\n