Useful commands for troubleshooting logging on CP

Check that the port the logs are sent to is being listened on
netstat -anp | grep ":257"
Check that log packets are going to the correct address
tcpdump -n -i any host ext_IP_GWs and tcp port 257

Check the log settings for central management
show security-management
cpview->Log
cpstat fw -f log_connection
lsattr $FWDIR/conf/masters
more $FWDIR/conf/masters

Restart the logging daemon (helps on SMB)
sfwd_stop
sfwd_start


Collected packet captures

tcpdump -n -i any host 95.79.45.32 and tcp port 257 -w ~/edgesouth_to_mgmt.pcap

tcpdump -n -i any host 185.251.151.93 and tcp port 257 -w ~/edgesouth_to_mgmt.pcap

Useful links
https://support.checkpoint.com/results/sk/sk38848
https://support.checkpoint.com/results/sk/sk40090
https://support.checkpoint.com/results/sk/sk171055
https://community.checkpoint.com/t5/Management/Logs-are-not-showing/td-p/129589

Restart sfwd daemon at Edge-South, Edge-NN, Edge-DV at 12:51 22/04/2025



[Expert@Edge-South]# netstat -anp | grep ":257"
tcp        0      0 :::257                  :::*                    LISTEN      24050/fw
[Expert@Edge-South]# 
[Expert@Edge-South]# sfwd_stop
cpwd_admin: 
Process SFWD terminated 
[Expert@Edge-South]# sfwd_start
cpwd_admin: 
Process SFWD started successfully (pid=29671) 
[Expert@Edge-South]# 
[Expert@Edge-South]# netstat -anp | grep ":257"
tcp        0      1 185.251.151.93:35073    10.10.1.2:257           SYN_SENT    29671/fw
tcp        0      0 185.251.151.93:38735    178.177.62.162:257      ESTABLISHED 29671/fw
tcp        0      0 :::257 
[Expert@Edge-South]# netstat -anp | grep ":257"
tcp        0      0 185.251.151.93:38735    178.177.62.162:257      ESTABLISHED 29671/fw
tcp        0      0 :::257                  :::*                    LISTEN      29671/fw


[Expert@Edge-NN]# netstat -anp | grep ":257"
tcp        0      1 95.79.45.32:40201       10.10.1.2:257           SYN_SENT    7359/fw
tcp        0      0 :::257                  :::*                    LISTEN      7359/fw
[Expert@Edge-NN]# sfwd_stop
cpwd_admin: 
Process SFWD terminated 
[Expert@Edge-NN]# sfwd_start
cpwd_admin: 
Process SFWD started successfully (pid=17006) 
[Expert@Edge-NN]# 
[Expert@Edge-NN]# netstat -anp | grep ":257"
netstat: showing only processes with your user ID
tcp        0      1 95.79.45.32:33145       10.10.1.2:257           SYN_SENT    17006/fw
tcp        0      0 95.79.45.32:43959       178.177.62.162:257      ESTABLISHED 17006/fw
tcp        0      0 :::257                  :::*                    LISTEN      17006/fw
[Expert@Edge-NN]# netstat -anp | grep ":257"
tcp        0      0 95.79.45.32:43959       178.177.62.162:257      ESTABLISHED 17006/fw
tcp        0      0 :::257



[Expert@Edge-DV]# netstat -anp | grep ":257"
tcp        0      1 192.168.20.22:45627     10.10.1.2:257           SYN_SENT    7373/fw
tcp        0      0 :::257                  :::*                    LISTEN      7373/fw
[Expert@Edge-DV]# sfwd_stop
cpwd_admin: 
Process SFWD terminated 
[Expert@Edge-DV]# sfwd_start
cpwd_admin: 
Process SFWD started successfully (pid=21866) 
[Expert@Edge-DV]# 
[Expert@Edge-DV]# netstat -anp | grep ":257"
tcp        0      0 192.168.20.22:54641     178.177.62.162:257      ESTABLISHED 21866/fw
tcp        0      0 :::257                  :::*                    LISTEN      21866/fw
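
Added example (not part of the original notes): a shell helper that reads `netstat -anp` output and reports the state of each outbound connection to TCP port 257, so a gateway stuck in SYN_SENT toward one address can be told apart from one with an ESTABLISHED log session. The function names are hypothetical; the sample input is copied from the Edge-NN session above.

```shell
#!/bin/sh
# Sample input: netstat lines copied from the Edge-NN session in these notes.
SAMPLE='netstat: showing only processes with your user ID
tcp        0      1 95.79.45.32:33145       10.10.1.2:257           SYN_SENT    17006/fw
tcp        0      0 95.79.45.32:43959       178.177.62.162:257      ESTABLISHED 17006/fw
tcp        0      0 :::257                  :::*                    LISTEN      17006/fw'

# classify_log_conns (hypothetical name): read netstat output on stdin and
# print "<peer> <state> <verdict>" for every outbound connection to port 257.
# Listener lines and truncated lines have no remote :257 field and are skipped.
classify_log_conns() {
    awk '
        $1 ~ /^tcp/ && $5 ~ /:257$/ {
            peer = $5
            sub(/:257$/, "", peer)
            state[peer] = $6            # last state seen for this peer
        }
        END {
            for (p in state) {
                verdict = (state[p] == "ESTABLISHED") ? "ok" : "stuck"
                print p, state[p], verdict
            }
        }
    ' | LC_ALL=C sort
}

# log_conn_ok (hypothetical name): succeed only if at least one log session
# to port 257 is ESTABLISHED.
log_conn_ok() {
    classify_log_conns | grep -q ' ESTABLISHED ok$'
}

printf '%s\n' "$SAMPLE" | classify_log_conns
```

On a gateway, feed it live output with `netstat -anp | classify_log_conns`.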



-----------------------------------------------------------------------------------

ckp_regedit -a SOFTWARE\\CheckPoint\\FW1 FORCE_NATTED_IP -n 1
reboot

Edge-DV
install policy 13:46
Edge-NN, Edge-South
install policy 19:28