Critical configuration files message - false positive?

Critical configuration files message - false positive?
0

Question:

Hi on 5.9 i am getting 'critical configuration files mismatch across cluster members'


referencing /etc/syslog.conf


this is a file that is created by Check Point itself in Gaia.


Here are they two configs from the cluster, what is it spotting ?


[Expert@xxx-gateway-01:0]# cat /etc/syslog.conf

# This file was AUTOMATICALLY GENERATED

# Generated by /bin/syslog_xlate on Thu Aug 11 14:48:34 2016

#

# DO NOT EDIT

#

auth.* /var/log/auth

*.info;local5.emerg;local0.notice;authpriv.emerg;cron.emerg;mail.emerg /var/log/messages

mail.* /var/log/maillog

*.emerg *

cron.* /var/log/cron

local7.* /var/log/boot.log

authpriv.* /var/log/secure

uucp.crit;news.crit /var/log/spooler

[Expert@xxx-gateway-01:0]#


[Expert@xxx-gateway-02:0]# cat /etc/syslog.conf

# This file was AUTOMATICALLY GENERATED

# Generated by /bin/syslog_xlate on Thu Jun 15 10:52:32 2017

#

# DO NOT EDIT

#

auth.* /var/log/auth

*.info;local5.emerg;local0.notice;authpriv.emerg;cron.emerg;mail.emerg /var/log/messages

mail.* /var/log/maillog

*.emerg *

cron.* /var/log/cron

local7.* /var/log/boot.log

authpriv.* /var/log/secure

uucp.crit;news.crit /var/log/spooler

[Expert@xxx-gateway-02:0]#


I looked at the script and ran it. It looks like the md5sum is really different for both files, even though it ignores the “Generated” line. There are probably spaces here that mean nothing but result in a different md5sum. Maybe we should ignore whitespaces in the files?


Answer:

Your analysis seems accurate. We will ask a community member to update the script so that it ignores whitespace.