Every change in status of a Cluster Member is recorded in the Logs tab of the Logs & Monitor of SmartConsole. This is based on what you select for the Fail-Over Tracking option of the cluster object ClusterXL page.
The following conventions are used in this section:
Starting <ClusterXL|State Synchronization>.
Indicates that ClusterXL (or State Synchronization, for 3rd party clusters) was successfully started on the reporting member. This message is usually issued after a member boots, or after an explicit call to cphastart
.
Stopping <ClusterXL|State Synchronization>.
Informs that ClusterXL (or State Synchronization) was deactivated on this member. The member will no longer be a part of the cluster (even if configured to be so), until ClusterXL is restarted.
Unconfigured cluster Computers changed their MAC Addresses. Please reboot the cluster so that the changes take affect.
This message is usually issued when a member is shut down, or after an explicit call to cphastop
.
Mode inconsistency detected: member [ID] ([IP]) will change its mode to [MODE]. Please re-install the security policy on the cluster.
This message should rarely happen. It indicates that another Cluster Member has reported a different cluster mode than is known to the local member. This is usually the result of a failure to install the Access Control Policy on all Cluster Members. To correct this problem, install the Access Control Policy again.
Note - The cluster will continue to operate after a mode inconsistency has been detected, by altering the mode of the reporting member to match the other Cluster Members. However, it is highly recommended that the policy will be re-installed as soon as possible.
State change of member [ID] ([IP]) from [STATE] to [STATE] was cancelled, since all other members are down. Member remains [STATE].
When a member needs to change its state (for example, when an active member encounters a problem and needs to bring itself down), it first queries the other members for their state. If all other members are down, this member cannot change its state to a non-active one (or else all members will be down, and the cluster will not function). Thus, the reporting Cluster Member continues to function, despite its problem (and will usually report its state as "Active Attention").
member [ID] ([IP]) <is active|is down|is stand-by|is initializing> ([REASON]).
This message is issued whenever a Cluster Member changes its state. The log text specifies the new state of the member.
Pnote log messages are issued when a pnote device changes its state.
The pnote device is working normally.
Either an error was detected by the pnote device, or the device has not reported its state for a number of seconds (as set by the "timeout" option of the pnote)
Indicates that the device has registered itself with the pnote mechanism, but has not yet determined its state.
This message should not normally appear. Contact Check Point Support.
Indicates that this interface is working normally, meaning that it is able to receive and transmit packets on the expected subnet.
This message is issued whenever an interface encounters a problem, either in receiving or transmitting packets. Note that in this case the interface may still be working properly, as far as the OS is concerned, but is unable to communicate with other cluster members due to a faulty cluster configuration.
Notifies users that a new interface was registered with the Security Gateway (meaning that packets arriving on this interface are filtered by the firewall). Usually this message is the result of activating an interface (such as issuing an ifconfig up
command on Unix systems). The interface will now be included in the ClusterXL reports (such as in SmartView Monitor, or in the output of cphaprob -a if
). Note that the interface may still be reported as "Disconnected", in case it was configured as such for ClusterXL.
Indicates that an interface was detached from the Security Gateway, and is therefore no longer monitored by ClusterXL.
This message is the result of an attempt to configure a ClusterXL in Load Sharing Multicast mode over Security Gateways using an acceleration device that does not support Load Sharing. As a result, acceleration will be turned off, but the cluster will work in Check Point Load Sharing mode (CPLS).
This text can be included in a pnote log message describing the reasons for a problem report: Another member has more interfaces reported to be working, than the local member does. This means that the local member has a faulty interface, and that its counterpart can do a better job as a Cluster Member. The local member will therefore go down, leaving the member specified in the message to handle traffic.
This message is issued when members in the same cluster have a different number of interfaces. A member having fewer interfaces than the maximal number in the cluster (the reporting member) may not be working properly, as it is missing an interface required to operate against a cluster IP address, or a synchronization network. If some of the interfaces on the other Cluster Member are redundant, and should not be monitored by ClusterXL, they should be explicitly designated as "Disconnected". This is done using the file $FWDIR/conf/discntd.if file.
ClusterXL has detected a problem with one or more of the monitored interfaces. This does not necessarily mean that the member will go down, as the other members may have less operational interfaces. In such a condition, the member with the highest number of operational interfaces will remain up, while the others will go down.