Queries in Checkpoint related to logs.

Vengatesh_SR — Tue, 05 Jun 2018 13:31:08 GMT

Checkpoint local user- related logs storage path

Can we configure any alert in firewall which notifies the password change related logs

Re: Queries in Checkpoint related to logs.

Kaspars_Zibarts — Thu, 07 Jun 2018 09:12:39 GMT

you can see password changes in the messages file, for example just grep for "pass"

[Expert@fw1:0]# grep -i pass messages

User admin changing password interactively:

Jun 4 05:13:23 2018 fw1 xpand[16234]: User entry created for "admin" in the password database
Jun 4 05:13:23 2018 fw1 xpand[16234]: admin localhost p -passwd:admin:lastchg 1507809353
Jun 4 05:13:23 2018 fw1 xpand[16234]: admin localhost p +passwd:admin:lastchg 1528100003
Jun 4 05:13:23 2018 fw1 xpand[16234]: admin localhost p -passwd:admin:passwd ********************************
Jun 4 05:13:23 2018 fw1 xpand[16234]: admin localhost p +passwd:admin:passwd **********************************

where 1528100003 is the EPOC time you may convert with any tools, for example

date -d '1970-01-01 UTC + 1528100003 seconds'
Mon Jun 4 05:13:23 ART 2018

Expert password set with hash instead of interactive:

Jun 4 06:55:47 2018 fw1 clish[13821]: cmd by admin: Start executing : set expert-password-hash ... (cmd md5: ecb7a46d62f313d7f1cc2bc0dacbfbd9)

Then generating alerts would be up to you - you can write scripts, do polling etc depending on the destination of the alert

Re: Queries in Checkpoint related to logs.

PhoneBoy — Fri, 08 Jun 2018 19:09:29 GMT

If you're wanting to get the Gaia OS logs into SmartLog so you can run SmartEvent reports, refer to: How to export syslog messages from Security Gateway on Gaia OS to a Log Server and view them in SmartView Tracker

topic Queries in Checkpoint related to logs. in Firewall and Security Management

Queries in Checkpoint related to logs.

Re: Queries in Checkpoint related to logs.

Re: Queries in Checkpoint related to logs.