Communication issues with certain VS and log servers-checkpoint-gaia
Vendor: checkpoint
OS: gaia
Description:
indeni will alert if any of the log servers in an VS on VSX is set to send logs to is not communicating.
Remediation Steps:
Run “cpstat fw -f log_connection” on each VS for more information. Review the possible cause for this.
How does this work?
By checking which connection the device currently has on port 257, and comparing that with the log servers configured it is possible to see if the device has a connection to the log server or not.
Why is this important?
It is useful for logs to be sent from devices to a central log storage. If the device has lost communication with the log server, it could begin logging locally instead. Some logs may be lost and the device’s own storage may fill up.
Without Indeni how would you find this?
An administrator could login to each VS and manually run the command.
chkp-log-server-connected-vsx
Failed to fetch the data: https://bitbucket.org/indeni/indeni-knowledge/src/master/parsers/src/checkpoint/firewall/log-server-connection-vsx/log-server-connection-vsx.ind.yaml
cross_vendor_log_servers_not_communicating_vsx
Failed to fetch the data: https://bitbucket.org/indeni/indeni-knowledge/src/master/rules/templatebased/crossvendor/cross_vendor_log_servers_not_communicating_vsx.scala