MARS and Check Point Firewall Logging

liamwalk1971 · ‎09-20-2010

Hi,

I have added my Check Point CMA object to MARS, but am not getting seeing any log information. My CLM is a separate server (child enforcement module), which is discovered OK when the intial CMA discovery takes place in MARS. I have configured the Log Info settings for the CLM entry in MARS with the SIC details for the Check Point MARS and CLM objects.

I've created a simple query to gather outbound ftp data (for which there is lots) and I am seeing nothing when running this query in MARS. The associated CLM log shows plenty of entries. I am keen to be able to get some historical logging data via MARS, so any help to resolve this issue would be appreciated.

Many thanks

Liam

Scott Fringer · ‎09-24-2010

Liam;

CS-MARS<>Check Point integration can be very tricky and is very dependent on the versions of software involved. You may be able to find out some additional insight into the process by raising the CS-MARS logging level for Check Point and monitoring the output. This is accomplished from the CS-MARS CLI:

[pnadmin]$ pnlog setlevel cpdebug

You can then view the messages via the CLI as well:

[pnadmin]$ pnlog show cpdebug

If this does not shed any light on the communication between CS-MARS and the Check Point devices, it would be best to open a service request with TAC to further troubleshooting can be performed.

Scott