https://community.checkpoint.com/t5/Firewall-and-Security-Management/checkpoint-Firewall-audit-for-configuration-change-via-API/m-p/213784#M40753 <P>These changes can be reviewed in the Audit logs in SmartConsole.</P> Thu, 09 May 2024 15:11:35 GMT PhoneBoy 2024-05-09T15:11:35Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/checkpoint-Firewall-audit-for-configuration-change-via-API/m-p/213726#M40739 <P><SPAN>Hi ,</SPAN><BR /><SPAN>How to do audit for Firewall configuration changes done through API.</SPAN><BR /><SPAN>Suppose if any firewall engineer performs changes via API, and i want to know API client logged in to firewall and what changes has been done via API.</SPAN></P> Thu, 09 May 2024 08:06:27 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/checkpoint-Firewall-audit-for-configuration-change-via-API/m-p/213726#M40739 MaxNC 2024-05-09T08:06:27Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/checkpoint-Firewall-audit-for-configuration-change-via-API/m-p/213784#M40753 <P>These changes can be reviewed in the Audit logs in SmartConsole.</P> Thu, 09 May 2024 15:11:35 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/checkpoint-Firewall-audit-for-configuration-change-via-API/m-p/213784#M40753 PhoneBoy 2024-05-09T15:11:35Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/checkpoint-Firewall-audit-for-configuration-change-via-API/m-p/213997#M40847 <P>Hi PhoneBoy,</P><P>Do i need enable anything? Because i check the audit log in smartConsole is nothing event relate to API action.</P> Mon, 13 May 2024 08:40:41 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/checkpoint-Firewall-audit-for-configuration-change-via-API/m-p/213997#M40847 MaxNC 2024-05-13T08:40:41Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/checkpoint-Firewall-audit-for-configuration-change-via-API/m-p/214064#M40866 <P>No.<BR />Here's an example from my lab:</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="image.png" style="width: 999px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/25640i9FA612345C474606/image-size/large?v=v2&amp;px=999" role="button" title="image.png" alt="image.png" /></span></P> <P>I performed the following steps using mgmt_cli (which is an API client):</P> <UL> <LI>Login</LI> <LI>Create the host "foobar" with ipv4-address 4.3.2.1</LI> <LI>Publish the changes</LI> </UL> <P>There are log entries for each one of these actions (as user phoneboy).<BR />Double-click on them to see more details:<BR /><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="image.png" style="width: 400px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/25641i05ABCC60C47EC905/image-size/medium?v=v2&amp;px=400" role="button" title="image.png" alt="image.png" /></span></P> <P>If you cannot see such log entries, I suggest a TAC case: <A href="https://help.checkpoint.com" target="_blank">https://help.checkpoint.com</A>&nbsp;</P> Mon, 13 May 2024 16:20:02 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/checkpoint-Firewall-audit-for-configuration-change-via-API/m-p/214064#M40866 PhoneBoy 2024-05-13T16:20:02Z