No logs written on Security Gateway while connection has established
Solution ID: sk164852
Product: Security Gateway, Security Management
Version: R80.20, R80.30, R80.10
OS: Gaia
Platform / Model: All
Date Created: 23-Jan-2020
Last Modified: 29-Nov-2020
Symptoms
Logs are not saved on the Security Gateway or written to the Log Server, with no apparent trigger. fwd is up on both the Security Gateway and the Log Server.
In fwd.elg:
calling srv_disconnected_cb for 'LS_Hostname', conn = (nil), conn->closed = 1, conn->state != LSTATE_CONNECTED = 1
[FWD PID]@Host[DATE TIME] srv_disconnected: change 'LS_IP' status to Status ERROR description: Log-Server Disconnected
[FWD PID]@Host[DATE TIME] log_connected: change 'LS_IP' status to Status OK description: Log-Server Connected
In cplog_debug.elg (from R80.20):
[FWD PID]@Host[DATE TIME] srv_disconnected: Reducing s_nActiveRemoteServerCount by one: connect_fail now: 0
[FWD PID]@Host[DATE TIME] set_new_server_status: setting new status: NOT_ACTIVE for IP: LS_IP
[FWD PID]@Host[DATE TIME] set_new_server_status: setting new status: CONNECTED for IP: LS_IP
[FWD PID]@Host[DATE TIME] log_connected: log Server 'LS_IP': CONNECTED (Connect to log server succeeded)
Running "cpstat fw -f log_connection" on the Security Gateway shows the Log Server as connected, but logs are not being sent.
Multiple logs appear in SmartConsole with the following message:
xxx log entries were not sent to log server x.x.x.x because of high load, but were instead sent to backup.
Cause
The issue may occur due to network latency between the Security Gateway and the defined Log Server, or due to frequent disconnections.
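
To check for the frequent disconnections named in the Cause, the disconnect and reconnect messages quoted from fwd.elg under Symptoms can be counted per Log Server. The script below is an added example, not Check Point code; the function name, the threshold, and the sample lines (their prefix layout, host name and addresses) are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Message texts as quoted from fwd.elg above; the line prefix is not parsed.
DISCONNECTED = re.compile(r"srv_disconnected: change '([^']+)' status to Status ERROR")
CONNECTED = re.compile(r"log_connected: change '([^']+)' status to Status OK")

def summarize_flaps(lines, threshold=3):
    """Count disconnect/reconnect cycles per Log Server in fwd.elg lines.

    threshold is a hypothetical tuning value: a server with at least that
    many disconnects in the input is marked as flapping.
    """
    stats = defaultdict(lambda: {"disconnects": 0, "reconnects": 0, "last_state": None})
    for line in lines:
        match = DISCONNECTED.search(line)
        if match:
            entry = stats[match.group(1)]
            entry["disconnects"] += 1
            entry["last_state"] = "ERROR"
            continue
        match = CONNECTED.search(line)
        if match:
            entry = stats[match.group(1)]
            if entry["last_state"] == "ERROR":  # only a connect after a drop counts
                entry["reconnects"] += 1
            entry["last_state"] = "OK"
    for entry in stats.values():
        entry["flapping"] = entry["disconnects"] >= threshold
    return dict(stats)

# Constructed sample input (not real gateway output); the prefix layout is assumed.
SAMPLE = """\
[FWD 4321]@gw1[23 Jan 10:00:00] log_connected: change '192.0.2.20' status to Status OK description: Log-Server Connected
calling srv_disconnected_cb for 'ls1', conn = (nil), conn->closed = 1, conn->state != LSTATE_CONNECTED = 1
[FWD 4321]@gw1[23 Jan 10:01:10] srv_disconnected: change '192.0.2.10' status to Status ERROR description: Log-Server Disconnected
[FWD 4321]@gw1[23 Jan 10:01:12] log_connected: change '192.0.2.10' status to Status OK description: Log-Server Connected
[FWD 4321]@gw1[23 Jan 10:03:40] srv_disconnected: change '192.0.2.10' status to Status ERROR description: Log-Server Disconnected
[FWD 4321]@gw1[23 Jan 10:03:41] log_connected: change '192.0.2.10' status to Status OK description: Log-Server Connected
[FWD 4321]@gw1[23 Jan 10:07:05] srv_disconnected: change '192.0.2.10' status to Status ERROR description: Log-Server Disconnected
[FWD 4321]@gw1[23 Jan 10:07:09] log_connected: change '192.0.2.10' status to Status OK description: Log-Server Connected
""".splitlines()

if __name__ == "__main__":
    for server, entry in summarize_flaps(SAMPLE).items():
        print(server, entry)
```

A server whose last state is OK but which is marked as flapping matches the symptom above: the connection status shows connected at the moment it is checked, while the connection has dropped repeatedly.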