Saturday, April 12, 2014

Kernel debug flags revealed

As I was advised last night, Check Point has published another extremely interesting document: Kernel Debug Flags. It is a comprehensive list of all kernel modules (chains) in R77 and the debug flags available for each of them.

Anyone dealing with kernel troubleshooting may want to download this at once.

Sergei Shir, Check Point TAC engineer and SecureKnowledge content developer, is responsible for this brilliant material. Thanks, Sergei, for writing this document and sharing it with the community.

Distribution note: Although the document is classified as "Restricted", it is available to anyone with a valid User Center account. Sergei has personally asked me to share this document with the community.

Wednesday, April 2, 2014

Forwarding Management logs from CMAs to CLMs

If you only log your GWs to CLMs and not to CMAs, it is not exactly convenient to still have the Management audit logs residing on the CMAs.

sk27042 addresses this matter, but it is grossly outdated. Here is a procedure to forward audit logs to CLMs that works for versions R75.40 and up:

  • Make sure that the CMA is not specified as a Log Server for any Security Gateway. If it is, those Security Gateways should be reconfigured to send their logs somewhere else (for instance, to the CLM).
  • Use GuiDBedit, connect to the CMA in question, and under "Network Objects" find . In the object properties, find the log_server parameter and set its value to false. Then find the use_loggers_and_masters parameter and set it to true. Save the database and exit GuiDBedit.
  • Log in to the CMA with SmartDashboard, open the CMA object and go to the Logs tab.
  • If the settings there are greyed out, switch to controlling the log settings from SmartDashboard (click the "here" link in the tab). Set up the primary and secondary log locations as required.
  • Install the database on all MGMT objects.
  • Log in to the CLM with SmartView Tracker and check that Management logs are now coming in.