Communication issues with certain log servers-checkpoint-gaia,secureplatform
Vendor: checkpoint
OS: gaia,secureplatform
Description:
Indeni will alert if a device is unable to send logs to any of the log servers.
Remediation Steps:
Review the possible cause for this.
How does this work?
By checking which connection the device currently has on port 257, and comparing that with the log servers configured it is possible to see if the device has a connection to the log server or not.
Why is this important?
It is useful for logs to be sent from devices to a central log storage. If the device has lost communication with the log server, it could begin logging locally instead. Some logs may be lost and the device’s own storage may fill up.
Without Indeni how would you find this?
An administrator could login and manually run the command.
chkp-log-server-connected-novsx
Failed to fetch the data: https://bitbucket.org/indeni/indeni-knowledge/src/master/parsers/src/checkpoint/firewall/log-server-connection-novsx/log-server-connection-novsx.ind.yaml
cross_vendor_log_servers_not_communicating
Failed to fetch the data: https://bitbucket.org/indeni/indeni-knowledge/src/master/rules/templatebased/crossvendor/cross_vendor_log_servers_not_communicating.scala