Help with SmartView Tracker

Advanced search

[rockysam39]

Hi All

This may sound silly but I need some help with SmartView Tracker.

I have a SmartCenter Server which is used to administer 2 Firewalls ( for 2 different locations ). FirewallA & FirewallB.

When I login to SmartView Tracker, by default the Logs for FirewallA appears in the Tracker.
To open the Logs for FirewallB I go to Remote Files Management -> select the FirewallB -> click on 'Log Switch' -> click OK to save it as its default name -> Click OK to the message indicating the Log File is saved as 2008-05-31_102108.log -> it then returns to the Remote Files Management Log, where I click on 'Get Files List' -> this opens the Files on FirewallB window, where I select the latest Log File that I just saved and click 'Fetch Files' which then goes to the Files Fetch Progress window and finally get the File Fetch Finished window.

Then I go to File -> Open -> select the latest saved file -> and open it to check the logs but this does not give me the entire log.

Pleae advise me with a better way to check Logs for our FirewallB. I may be doing things the wrong way.

[juve]

Is there another firewall in between firewall B and the management server? Normally, logs are sent to the management in real time and you don't need to fetch them on the device itself. However, if your firewall is on a remote site with only connectivity over the Internet, the setup might be a bit more tricky. In this case, some NAT needs to be done.

Try to sniff on the firewall if you can see traffic going to port 257 :
fw monitor -e "accept dport=257;"

what source and destination is he using? see if this is correct yes or no. Also, check the logs & masters section of the firewall object to be sure it's sending its logs to the correct management server.

[rockysam39]

Thanks for the suggestion Juve
Some points that I had already checked:-

Checked the Master File on the Enforcement Point is pointing to the SmartCenter server
Performed cpstop/cpstart but to no effect.
Also changed 'Log Forwarding settings' to check the box 'Forward log files to SmartCenter Server' and set schedule to Midnight.
After midnight some logs were forwarded to the SmartCenter Server but not for the rest of the day till now.

Earlier time stamp was incorrect but we figured that time was incorrect on the Firewall box, which we corrected.
Even before that we contacted Checkpoint & they advised to appky a HotFix but doing that did not resolve our issue with the Logs.

One point you raised seems vital here ...... The Smartcenter server and the firewall are in two different countries .... they indeed communicate over the International WAN ( which is obviously over the internet) hence I will now look forward to NAT-ing properly and if I need help for NATing I will get back to you.

Thanks again

[rockysam39]

I did check to confirm the logs & masters section of the firewall object to be sure it's sending its logs to the correct management server.

also checked - fw monitor -e "accept dport=257;" - it is going to correct source and destination

Now I'm working on the NAT part and will update you

[juve]

Is the conenction working now?

• Articles
• Knowledge base