Wednesday, May 8, 2013
Check Point: Enforcement Module Does Not Send Logs To Management Station
I thought this was going to be difficult to resolve, but as it turns out, it wasn't (in my scenario). So I wasn't getting log messages to my management server from BOTH of my enforcement modules (a clustered configuration). However, I was getting logs from my other Check Point enforcement module (that was not part of that cluster I'm speaking of). So, I'm thinking my management station seems ok if it gets logs from one, and not the other two. I mean, logging is working, right? Sure.

So, I SSH'ed into the two enforcement modules and looked at the fw.log. Nothing appeared to be in them when I did a 'more fw.log'. So, I wanted to see if the logs were growing, so I ran the following command: 'tail -f /var/logs/fw.log'. On both enforcement modules, the size stayed the same. No increase.

So I came back in during non-production hours and pushed policy to see if that would clear up the logging issue. It didn't. So, on one of the enforcement modules, I did a 'cpstop' and restarted services with a 'cpstart', then pushed policy. I started getting log messages from that enforcement module. I did the same on the second and now both are sending log messages to my management station. I'm not sure what exactly happened that they would stop, but the issue is now resolved.