Original credit goes to this post (please go over there to read up on it first): Log rate calculator for MDS / MLM. Basically took the script & modified it for single domain. In addition to showing log rates, also added in extra information: - number of logs generated during monitoring period - increase in log file size during the monitoring…
Hi, we have an open server running MDS (R80.10) and a few CMAs in it. I was looking for an option to delete the old logs once the space reaches a specific threshold. This option is not available in MDS, nor in the respective CMAs. Has anything changed in 80.10 for an MDS running on an open server?
We are working on a SIEM tool and have also integrated Check Point management logs with our tool. We are also using a SmartEvent server. Now we need to integrate Anti-Bot, Anti-Virus and Threat Emulation events with the RSA SA (SIEM) tool. Please help on this. I am also checking DXL as well. Is there any other way to integrate Anti-Bot and Anti-Virus events with RSA SA?
Perhaps the "E" inspection point is for already encrypted traffic destined to the peer? Did you make a fw monitor capture between the peer addresses (those that negotiate the IPSec tunnel) for IKE and ESP traffic to verify if the "E" inspection point is visible?
Hi everyone, I have an R80.10 SMS where the cplmd process goes to 100% CPU ("top" view) when I do some queries in the Log search (Log&Monitor). Why? How can I decrease this CPU consumption? The machine is an 8 core CPU. Thank you!
Hey all, we encountered diverse issues with security gateway fwd and fw full. Under heavy load it seems that fwd crashes and cpwatchdog was unable to restart it, with the result that the firewall is still reachable from the outside but its main functionality, for example proxy ARP, stops working, resulting in a traffic outage. Of course one of the…
Check Point has recently made available publicly a tool that allows you to export Check Point logs from the management to a syslog server. Refer to the following SK: How to export Check Point logs to a Syslog server using CPLogToSyslog
Did you try to look at the hit_count_rules_table.sqlite database? It's located in $FWDIR/conf and you can search it using the sqlite client. First of all, I suggest you back it up and search on the copy: cp $FWDIR/conf/hit_count_rules_table.sqlite /var/hit_count_rules_table.`/bin/date +%Y-%m-%d_%H%M`.sqlite ... be aware of the size…