No events are coming in from your Checkpoint collector.
You see the following message in the checkpoint.log file of the Collector:
ERROR 2009-01-27 21:01:00,514 Collectors.3120.wGroup.[workinggroup0].Sensor.[Sensor_0] Thread-41 OpsecLeaSensor(Sensor 0) error in readDevice(). Sensor will be reopened. Details: OPSEC MainLoop has being terminated with errors: Security sessions was ended because peer ended the session [PEER_ENDED].
The sensor lost track of the log position. You will see the above error message because the sensor is trying to read from a position in the logfile that doesn't exist anymore.
1. Stop the agent on the machine where the Collector is installed
2. In the agent directory go to the directory collectors/checkpoint/
3. In this directory you should find a .position file. If you have multiple sensors configured for the collector on the same machine there might be more than one file.
The .position filename contains the name of the OpSec Application name you created and the IP address of the Checkpoint machine you are reading from.
Example: [email protected]_0_0_3.position
In this example, the sensor in the Product Configuration of the SSIM Client is called Sensor0.
The OPSEC application created for the communication is called OpsecSIM.
The IP-address of the checkpoint your collector is connecting to is 10.0.0.3.
Determine the .position file for the sensor that is not working and delete it.
4. Start the agent
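To notice this condition before the event gap grows, the check below scans checkpoint.log text for the readDevice() / [PEER_ENDED] error quoted above and reports which sensors keep hitting it. It is an added example, not part of the original article or the product; the function name, the min_hits threshold and every sample line after the first are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample: line 1 is the message quoted in this article,
# the remaining lines are made up to exercise the check.
ERR = ("OpsecLeaSensor(Sensor 0) error in readDevice(). Sensor will be reopened. "
       "Details: OPSEC MainLoop has being terminated with errors: Security sessions "
       "was ended because peer ended the session [PEER_ENDED].")
PREFIX = "Collectors.3120.wGroup.[workinggroup0].Sensor."
SAMPLE_LOG = "\n".join([
    f"ERROR 2009-01-27 21:01:00,514 {PREFIX}[Sensor_0] Thread-41 {ERR}",
    f"INFO 2009-01-27 21:01:30,002 {PREFIX}[Sensor_0] Thread-41 constructed filler line",
    f"ERROR 2009-01-27 21:02:00,731 {PREFIX}[Sensor_0] Thread-41 {ERR}",
    f"ERROR 2009-01-27 21:02:10,100 {PREFIX}[Sensor_1] Thread-42 constructed unrelated error",
])

# ERROR <timestamp> <component path ending in Sensor.[name]> ... readDevice() ... [PEER_ENDED]
LINE_RE = re.compile(
    r"^ERROR (?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) "
    r"\S*Sensor\.\[(?P<sensor>[^\]]+)\] "
    r".*error in readDevice\(\).*\[PEER_ENDED\]"
)

def stalled_sensors(log_text, min_hits=2):
    """Return {sensor: (hits, first_seen, last_seen)} for every sensor that
    logged the readDevice()/[PEER_ENDED] error at least min_hits times.
    min_hits is an assumed threshold, not a vendor value."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S,%f")
            seen[m.group("sensor")].append(ts)
    return {s: (len(t), min(t), max(t))
            for s, t in seen.items() if len(t) >= min_hits}

if __name__ == "__main__":
    for sensor, (hits, first, last) in stalled_sensors(SAMPLE_LOG).items():
        print(f"{sensor}: {hits} PEER_ENDED read errors between {first} and {last}")
```

The sensor name it reports tells you which sensor's .position file to look for in step 3.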