I was just saying that a log server without the database installed will give the same symptom that you describe. The install database to the manager is not something you should have to do separately, a policy install to a FW module takes care of this. I have seen several no logging issues resolved by a restart or cleaning of the log dir. Since you are on splat you can do a tcpdump to insure the logs are making it to the manager. What do you see from the smartview monitor? Can the FW fetch a policy from the manager? Are you doing auto static NAT on the manager? Do you have FW-1 control checked under the NAT settings? Do you have FW-1 control connections checked under the global props? Any duplicate objects for the remote FW's IP? A few things to consider if the restart or clean does not work.
-GS -----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Sergio Alvarez Sent: Wednesday, July 18, 2007 10:03 PM To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM Subject: Re: [FW-1] Problem with logs Thanks for replying Scott, I´ll try the cprestart and the cleaning the logs folder, but I'm not quite sure what did you mean with the following lines: "A separate log server will behave much in the same way until you do an install database to it, it will ignore the 257 that it gets" We do not have a separate log server in this case, the remote Nokia should send the logs to the SmartCenter, as the old cluster has done it for years now. But then what you say about "do an install database" makes me think if I'm missing something. I have done similar deployments many occasions and never experienced issues like this, but now your comments have made me suspicious... Regards On 7/18/07, Gary Scott <[EMAIL PROTECTED]> wrote: > > If you are sure the 257 is reaching the manager, you could first try a > cprestart on the manager, if this is no good try doing a cpstop and > moving or deleting the entire contents of the log directory, then a > cpstart. A separate log server will behave much in the same way until > you do an install database to it, it will ignore the 257 that it gets. > > -GS > > -----Original Message----- > From: Mailing list for discussion of Firewall-1 > [mailto:[EMAIL PROTECTED] On Behalf Of Sergio > Alvarez > Sent: Wednesday, July 18, 2007 7:54 PM > To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM > Subject: [FW-1] Problem with logs > > Hello, > > We have a deployment with a SmartCenter (SMC) over SPLAT, a couple of > Nokia > boxes running IPSO Clustering in front of that SMC, and an extra fw > module > also running over Nokia in a remote location. > > Everything runs Check Point NGX R60 HFA05. > > The remote fw module is new and we have SIC working properly, it is > possible > to install the policy on it with no issues and we see traffic in TCP/257 > (FW1_log) passing though the Cluster with the remote module as the > source > and the SMC as the destination, but those logs are not shown in the SV > Tracker. > > There is nothing between the Cluster and the SmartCenter so we are sure > this > traffic must be reaching the SMC network, so do you guys know of any > reason > why logs could reach a SMC but not be displayed in the SV Tracker??? > > We will do extra tests tomorrow with me on site, but I just can't think > what > could be wrong.... > > Any assistance with this issue will be very appreciated. > > Regards > > -- > Sergio Alvarez > (506)8301342 > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= > -- Sergio Alvarez (506)8301342 ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
