Check Point is expected to discontinue the LEA protocol, and if you use LEA with version R81 or above, you may already experience technical issues. We therefore recommend using syslog instead of LEA.

LEA Monitoring

To keep the LEA connection alive, TOS Classic:

  • Attempts to re-establish the connection until it succeeds. This resolves disconnections when the management server is restarted.
  • Sends keep-alive messages on the LEA session to avoid TCP timeouts.
  • Refreshes the LEA connection when no logs are received for 15 minutes. This resolves unexpected disconnections without a TCP FIN message.

If TOS Classic cannot retrieve the logs for 2 days, its st_monitor process sends an administrative alert every day at midnight until the logs are successfully retrieved. You can change the default delay for this administrative alert in the Rule_Usage_Not_Being_Collected_Alert_Period field in the stconf table. TOS Classic also has a command line utility to manually retrieve historical logs if a gap was created.