The LEA protocol is expected to be discontinued by Check Point, and if you use LEA with version R81 or above, you may already experience technical issues. We therefore recommend using syslog instead of LEA.

LEA Monitoring

To keep the LEA connection alive, TOS Aurora:

  • Attempts to re-establish the connection until it succeeds. This resolves disconnections when the management server is restarted.
  • Sends keep-alive messages on the LEA session to avoid TCP timeouts.
  • Refreshes the LEA connection when no logs are received for 15 minutes. This resolves unexpected disconnections without a TCP FIN message.

If TOS Aurora cannot retrieve the logs for 2 days, it uses the st_monitor process to send an administrative alert at midnight every day until the logs are successfully retrieved. You can change the default delay for this administrative alert in the Rule_Usage_Not_Being_Collected_Alert_Period field in the stconf table. TOS Aurora also has a command line utility for manually retrieving historical logs if a gap was created.
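
The following is an added example, not TOS Aurora code: it models the timing rules above so you can check your own log receipt times for collection gaps and see on which midnights the alert would be due. The function names are hypothetical, and it assumes that "no logs for 15 minutes" and "2 days" are measured from the last received log and that a threshold reached exactly counts.

```python
from datetime import datetime, timedelta

IDLE_REFRESH = timedelta(minutes=15)  # silence after which the connection is refreshed
ALERT_PERIOD = timedelta(days=2)      # default alert delay described above


def alert_midnights(last_log, until, period=ALERT_PERIOD):
    """Midnights up to `until` at which logs had been missing for at least `period`."""
    eligible = last_log + period
    midnight = eligible.replace(hour=0, minute=0, second=0, microsecond=0)
    if midnight < eligible:
        midnight += timedelta(days=1)  # first midnight on or after the threshold
    alerts = []
    while midnight <= until:
        alerts.append(midnight)
        midnight += timedelta(days=1)
    return alerts


def collection_gaps(received, now):
    """Report every silence of IDLE_REFRESH or longer in the receipt times.

    Each entry is (gap_start, gap_end, alerts). gap_end is None while the
    gap is still open at `now`. Closed gaps are the ranges for which
    historical logs would have to be retrieved manually.
    """
    times = sorted(received)
    gaps = []
    for i, start in enumerate(times):
        is_last = i == len(times) - 1
        end = now if is_last else times[i + 1]
        if end - start >= IDLE_REFRESH:
            gaps.append((start, None if is_last else end, alert_midnights(start, end)))
    return gaps


# Constructed sample: receipt times with a 35-minute and a roughly 3-day silence.
SAMPLE = [
    datetime(2024, 3, 1, 9, 0), datetime(2024, 3, 1, 9, 5),
    datetime(2024, 3, 1, 9, 40), datetime(2024, 3, 4, 10, 0),
    datetime(2024, 3, 4, 10, 2),
]
NOW = datetime(2024, 3, 4, 10, 10)

if __name__ == "__main__":
    for start, end, alerts in collection_gaps(SAMPLE, NOW):
        print(start, "->", end or "open", "| alerts due:", len(alerts))
```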