MARS and Check Point Firewall Logging

Unanswered Question
Sep 20th, 2010
User Badges:

Hi,


I have added my Check Point CMA object to MARS, but am not getting seeing any log information.  My CLM is a separate server (child enforcement module), which is discovered OK when the intial CMA discovery takes place in MARS.  I have configured the Log Info settings for the CLM entry in MARS with the SIC details for the Check Point MARS and CLM objects.


I've created a simple query to gather outbound ftp data (for which there is lots) and I am seeing nothing when running this query in MARS.  The associated CLM log shows plenty of entries.  I am keen to be able to get some historical logging data via MARS, so any help to resolve this issue would be appreciated.


Many thanks



Liam

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Scott Fringer Fri, 09/24/2010 - 05:04
User Badges:
  • Cisco Employee,

Liam;


  CS-MARS<>Check Point integration can be very tricky and is very dependent on the versions of software involved.  You may be able to find out some additional insight into the process by raising the CS-MARS logging level for Check Point and monitoring the output.  This is accomplished from the CS-MARS CLI:


[pnadmin]$ pnlog setlevel cpdebug 


You can then view the messages via the CLI as well:


[pnadmin]$ pnlog show cpdebug


  If this does not shed any light on the communication between CS-MARS and the Check Point devices, it would be best to open a service request with TAC to further troubleshooting can be performed.


Scott

Actions

This Discussion