{"id":361,"date":"2010-01-25T09:19:27","date_gmt":"2010-01-25T09:19:27","guid":{"rendered":"https:\/\/fir3netwp.gmsrrpobkbd.com\/2010\/01\/25\/there-are-no-checkpoint-logs\/"},"modified":"2023-01-15T23:00:17","modified_gmt":"2023-01-15T23:00:17","slug":"there-are-no-checkpoint-logs","status":"publish","type":"post","link":"https:\/\/www.fir3net.com\/Firewalls\/Checkpoint\/there-are-no-checkpoint-logs.html","title":{"rendered":"Check Point Logging Troubleshooting Guide"},"content":{"rendered":"<p>Below are some basic guidelines for troubleshooting Check Point Logging issues.<\/p>\n<p><em>Please note : <\/em>This guide does not cover issues with any OPSEC LEA based issues.<em><br \/>\nPlease note : <\/em>The FWD (Firewall Daemon) is responsible for sending and receiving the Check Point Logs on port tcp\/257.<\/p>\n<p>{loadposition content_lock}<\/p>\n<p>&nbsp;<\/p>\n<h2><strong>logs being sent to the manager ?<\/strong><\/h2>\n<p>Ok, so first of all are the logs being sent to the Smart Centre Manager or the necessary Log Manager ? We can check this by confirming whether the gateway is sending the log packets via the FW Log port tcp\/257 upon the gateway and the manager. To do this use either or both of the following commands,<\/p>\n<ul>\n<li>netstat -an | grep 257 &#8211; This will show the state of the TCP sockets.<\/li>\n<li>tcpdump -ni [interface name] port 257 &#8211; This will show a packet capture of the FW Log packets on the subsequent interface.<\/li>\n<\/ul>\n<p>If the gateway is not sending the logs then this can be down to one of the following issues,<\/p>\n<ol>\n<li>SIC is not established.<\/li>\n<li>The Logging configuration for the Gateway is not configured correctly.<\/li>\n<li>The SmartCentre\/Log Manager is not listening on port tcp\/257.<\/li>\n<li>There is an issue with FWD on the gateway. In some instances you may need to restart FWD via a cpstart. Though the root cause could be down to a number of factors.<\/li>\n<\/ol>\n<h2><strong>The SmartCentre \/ Log Manager is not receiving the logs<\/strong><\/h2>\n<p>If the gateway is sending the logs but the SmartCentre \/ Log Manager is not receiving them then either a device between the 2 nodes is blocking the packets or there is a routing issue.<\/p>\n<p><strong>Why are the logs not being displayed within SmartView tracker ?<\/strong><\/p>\n<p>Ok so the manager is receiving the logs but you may still not see them within the SmartView tracker this will be down to either the FWD (Firewall Daemon) or the log files being corrupted.<\/p>\n<h3><span style=\"color: #000000;\">Log Files Corrupted<\/span><\/h3>\n<p>If the log files are corrupted you should expect to see no logs within the SmartView Tracker. If this is the case you will need to action the following steps :<\/p>\n<ol>\n<li>Close the Log Viewer\/SmartView Tracker and Policy Editor\/SmartDashboard.<\/li>\n<li>Execute the fwstop or cpstop command (depending on the version) from the command line.<\/li>\n<li>Remove all files starting with fw.log and fw.logptr from the $FWDIR\\log directory.<\/li>\n<li>Execute the<span style=\"font-family: georgia,palatino;\"> fwstart<\/span> or cpstart (depending on the version) command.<\/li>\n<\/ol>\n<p>Full details can be found at Check Points KB within Solution ID sk6432.<\/p>\n<h3><span style=\"color: #000000;\">Only some of the logs are not being displayed<\/span><\/h3>\n<p>If only some of the logs are not being displayed then this could point to an issue with the trust between the manager and the gateway.<br \/>\nTo confirm the issue you will need to debug FWD using the following steps.<\/p>\n<pre class=\"prettyprint\">root@cp-mgnt# fw debug fwd on TDERROR_ALL_ALL=5\r\nroot@cp-mgnt# tail -f $FWDIR\/log\/fwd.elg\r\nroot@cp-mgnt# tail -f $FWDIR\/log\/fwd.elg\u00a0 | grep -i \"Certificate is revoked\" \r\nroot@cp-mgnt# fw debug fwd off<\/pre>\n<p>Within these steps we first enable the debug. Then we run a live tail on the log file. And then we run a grep on the live tail for a specific error. The live tail allows us to view the end of the log file in real time. We finally turn off the debug.<\/p>\n<p>Below shows an example of an error with the SIC trust between the Gateway and Manager obtained from the $FWDIR\/log\/fwd.elg,<\/p>\n<pre class=\"prettyprint\">[FWD 2177 1]@cp-mgnt[22 Jan 14:47:32] fwCert_ValCerts: Certificate is revoked. CN=cp-fw1,O=cp-m\r\ngnt..bizt7z\r\n[FWD 2177 1]@cp-mgnt[22 Jan 14:47:41] fwCert_ValCerts: Certificate is revoked. CN=cp-fw2,O=cp-m\r\ngnt..bizt7z<\/pre>\n<p>In this instance <a href=\"https:\/\/www.fir3net.com\/Checkpoint\/checkpoint-how-to-reset-sic.html\">resetting SIC <\/a>would resolve this issue.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Below are some basic guidelines for troubleshooting Check Point Logging issues. Please note : This guide does not cover issues with any OPSEC LEA based issues. Please note : The FWD (Firewall Daemon) is responsible for sending and receiving the Check Point Logs on port tcp\/257. {loadposition content_lock} &nbsp; logs being sent to the manager &#8230; <a title=\"Check Point Logging Troubleshooting Guide\" class=\"read-more\" href=\"https:\/\/www.fir3net.com\/Firewalls\/Checkpoint\/there-are-no-checkpoint-logs.html\" aria-label=\"Read more about Check Point Logging Troubleshooting Guide\">Read more<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[17],"tags":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Check Point Logging Troubleshooting Guide - Fir3net<\/title>\n<meta name=\"description\" content=\"Below are some basic guidelines for troubleshooting Check Point Logging issues. Please note : This guide does not cover issues with any OPSEC LEA based\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.fir3net.com\/Firewalls\/Checkpoint\/there-are-no-checkpoint-logs.html\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Check Point Logging Troubleshooting Guide - Fir3net\" \/>\n<meta property=\"og:description\" content=\"Below are some basic guidelines for troubleshooting Check Point Logging issues. Please note : This guide does not cover issues with any OPSEC LEA based\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.fir3net.com\/Firewalls\/Checkpoint\/there-are-no-checkpoint-logs.html\" \/>\n<meta property=\"og:site_name\" content=\"Fir3net\" \/>\n<meta property=\"article:published_time\" content=\"2010-01-25T09:19:27+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-01-15T23:00:17+00:00\" \/>\n<meta name=\"author\" content=\"Rick Donato\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Rick Donato\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.fir3net.com\/Firewalls\/Checkpoint\/there-are-no-checkpoint-logs.html#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.fir3net.com\/Firewalls\/Checkpoint\/there-are-no-checkpoint-logs.html\"},\"author\":{\"name\":\"Rick Donato\",\"@id\":\"https:\/\/www.fir3net.com\/#\/schema\/person\/ab35009601b7687ee1c5310be6038037\"},\"headline\":\"Check Point Logging Troubleshooting Guide\",\"datePublished\":\"2010-01-25T09:19:27+00:00\",\"dateModified\":\"2023-01-15T23:00:17+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.fir3net.com\/Firewalls\/Checkpoint\/there-are-no-checkpoint-logs.html\"},\"wordCount\":543,\"publisher\":{\"@id\":\"https:\/\/www.fir3net.com\/#organization\"},\"articleSection\":[\"Check Point Firewalls\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.fir3net.com\/Firewalls\/Checkpoint\/there-are-no-checkpoint-logs.html\",\"url\":\"https:\/\/www.fir3net.com\/Firewalls\/Checkpoint\/there-are-no-checkpoint-logs.html\",\"name\":\"Check Point Logging Troubleshooting Guide - Fir3net\",\"isPartOf\":{\"@id\":\"https:\/\/www.fir3net.com\/#website\"},\"datePublished\":\"2010-01-25T09:19:27+00:00\",\"dateModified\":\"2023-01-15T23:00:17+00:00\",\"description\":\"Below are some basic guidelines for troubleshooting Check Point Logging issues. Please note : This guide does not cover issues with any OPSEC LEA based\",\"breadcrumb\":{\"@id\":\"https:\/\/www.fir3net.com\/Firewalls\/Checkpoint\/there-are-no-checkpoint-logs.html#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.fir3net.com\/Firewalls\/Checkpoint\/there-are-no-checkpoint-logs.html\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.fir3net.com\/Firewalls\/Checkpoint\/there-are-no-checkpoint-logs.html#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.fir3net.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Security\",\"item\":\"https:\/\/www.fir3net.com\/security\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Firewalls\",\"item\":\"https:\/\/www.fir3net.com\/security\/firewalls\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"Check Point Firewalls\",\"item\":\"https:\/\/www.fir3net.com\/security\/firewalls\/check-point\"},{\"@type\":\"ListItem\",\"position\":5,\"name\":\"Check Point Logging Troubleshooting Guide\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.fir3net.com\/#website\",\"url\":\"https:\/\/www.fir3net.com\/\",\"name\":\"Fir3net\",\"description\":\"Keeping you in the know\",\"publisher\":{\"@id\":\"https:\/\/www.fir3net.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.fir3net.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.fir3net.com\/#organization\",\"name\":\"Fir3net\",\"url\":\"https:\/\/www.fir3net.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.fir3net.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.fir3net.com\/wp-content\/uploads\/Fir3net-Background-Logo-compressed.png\",\"contentUrl\":\"https:\/\/www.fir3net.com\/wp-content\/uploads\/Fir3net-Background-Logo-compressed.png\",\"width\":390,\"height\":88,\"caption\":\"Fir3net\"},\"image\":{\"@id\":\"https:\/\/www.fir3net.com\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.fir3net.com\/#\/schema\/person\/ab35009601b7687ee1c5310be6038037\",\"name\":\"Rick Donato\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.fir3net.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/d75d69a54c0ca3b32c24c3a9703b623c?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/d75d69a54c0ca3b32c24c3a9703b623c?s=96&d=mm&r=g\",\"caption\":\"Rick Donato\"},\"description\":\"Rick Donato is a Network Automation Architect\/Evangelist and the founder of Packet Coders.\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Check Point Logging Troubleshooting Guide - Fir3net","description":"Below are some basic guidelines for troubleshooting Check Point Logging issues. Please note : This guide does not cover issues with any OPSEC LEA based","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.fir3net.com\/Firewalls\/Checkpoint\/there-are-no-checkpoint-logs.html","og_locale":"en_US","og_type":"article","og_title":"Check Point Logging Troubleshooting Guide - Fir3net","og_description":"Below are some basic guidelines for troubleshooting Check Point Logging issues. Please note : This guide does not cover issues with any OPSEC LEA based","og_url":"https:\/\/www.fir3net.com\/Firewalls\/Checkpoint\/there-are-no-checkpoint-logs.html","og_site_name":"Fir3net","article_published_time":"2010-01-25T09:19:27+00:00","article_modified_time":"2023-01-15T23:00:17+00:00","author":"Rick Donato","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Rick Donato","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.fir3net.com\/Firewalls\/Checkpoint\/there-are-no-checkpoint-logs.html#article","isPartOf":{"@id":"https:\/\/www.fir3net.com\/Firewalls\/Checkpoint\/there-are-no-checkpoint-logs.html"},"author":{"name":"Rick Donato","@id":"https:\/\/www.fir3net.com\/#\/schema\/person\/ab35009601b7687ee1c5310be6038037"},"headline":"Check Point Logging Troubleshooting Guide","datePublished":"2010-01-25T09:19:27+00:00","dateModified":"2023-01-15T23:00:17+00:00","mainEntityOfPage":{"@id":"https:\/\/www.fir3net.com\/Firewalls\/Checkpoint\/there-are-no-checkpoint-logs.html"},"wordCount":543,"publisher":{"@id":"https:\/\/www.fir3net.com\/#organization"},"articleSection":["Check Point Firewalls"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.fir3net.com\/Firewalls\/Checkpoint\/there-are-no-checkpoint-logs.html","url":"https:\/\/www.fir3net.com\/Firewalls\/Checkpoint\/there-are-no-checkpoint-logs.html","name":"Check Point Logging Troubleshooting Guide - Fir3net","isPartOf":{"@id":"https:\/\/www.fir3net.com\/#website"},"datePublished":"2010-01-25T09:19:27+00:00","dateModified":"2023-01-15T23:00:17+00:00","description":"Below are some basic guidelines for troubleshooting Check Point Logging issues. Please note : This guide does not cover issues with any OPSEC LEA based","breadcrumb":{"@id":"https:\/\/www.fir3net.com\/Firewalls\/Checkpoint\/there-are-no-checkpoint-logs.html#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.fir3net.com\/Firewalls\/Checkpoint\/there-are-no-checkpoint-logs.html"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.fir3net.com\/Firewalls\/Checkpoint\/there-are-no-checkpoint-logs.html#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.fir3net.com\/"},{"@type":"ListItem","position":2,"name":"Security","item":"https:\/\/www.fir3net.com\/security"},{"@type":"ListItem","position":3,"name":"Firewalls","item":"https:\/\/www.fir3net.com\/security\/firewalls"},{"@type":"ListItem","position":4,"name":"Check Point Firewalls","item":"https:\/\/www.fir3net.com\/security\/firewalls\/check-point"},{"@type":"ListItem","position":5,"name":"Check Point Logging Troubleshooting Guide"}]},{"@type":"WebSite","@id":"https:\/\/www.fir3net.com\/#website","url":"https:\/\/www.fir3net.com\/","name":"Fir3net","description":"Keeping you in the know","publisher":{"@id":"https:\/\/www.fir3net.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.fir3net.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.fir3net.com\/#organization","name":"Fir3net","url":"https:\/\/www.fir3net.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.fir3net.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.fir3net.com\/wp-content\/uploads\/Fir3net-Background-Logo-compressed.png","contentUrl":"https:\/\/www.fir3net.com\/wp-content\/uploads\/Fir3net-Background-Logo-compressed.png","width":390,"height":88,"caption":"Fir3net"},"image":{"@id":"https:\/\/www.fir3net.com\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.fir3net.com\/#\/schema\/person\/ab35009601b7687ee1c5310be6038037","name":"Rick Donato","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.fir3net.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/d75d69a54c0ca3b32c24c3a9703b623c?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d75d69a54c0ca3b32c24c3a9703b623c?s=96&d=mm&r=g","caption":"Rick Donato"},"description":"Rick Donato is a Network Automation Architect\/Evangelist and the founder of Packet Coders."}]}},"_links":{"self":[{"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/posts\/361"}],"collection":[{"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/comments?post=361"}],"version-history":[{"count":1,"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/posts\/361\/revisions"}],"predecessor-version":[{"id":3568,"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/posts\/361\/revisions\/3568"}],"wp:attachment":[{"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/media?parent=361"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/categories?post=361"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/tags?post=361"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}