topic Log Actions - Explanation in Firewall and Security Management

Log Actions - Explanation

cezar_varlan1 — Wed, 26 Jan 2022 11:10:31 GMT

Does anyone have a better reference or does anyone have the knowledge to explain what the various actions in the log_action field actually mean? Also what blade generated it and what is the expected outcome?

For example Drop is generated by Firewall - and the session is finished with a silent drop [timeout].

action

Action

int

Action of matched rule
Possible values:
0 - Drop
1 - Reject
2 - Accept
3 - Encrypt
4 - Decrypt
17 - Authorize
18 - Deauthorize
30 - Bypass
33 - Block
34 - Detect
39 - Do not send
43 - Allow
46 - Ask User
61 - Extract

Note: This field is not mandatory to every log

Reference:https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk144192

Re: Log Actions - Explanation

G_W_Albrecht — Wed, 26 Jan 2022 11:54:07 GMT

sk122323: Log Exporter - Check Point Log Export

Re: Log Actions - Explanation

cezar_varlan1 — Thu, 27 Jan 2022 06:32:07 GMT

Got myself caught up in a cycling reference back to my own SK -

@G_W_Albrecht that article is not what I am asking. I do know how to extract the blade in the logs. But this implies the log happened, I am trying to create a dictionary and attach this to a splunk dashboard that I will publish to the rest of the IT organization so people can do a self-service lookup instead of a specific search in firewall logs

Re: Log Actions - Explanation

G_W_Albrecht — Fri, 28 Jan 2022 07:54:06 GMT

Good luck with your work !