topic Re: Where does the IPS packet capture and logs store in management server on distributed environment in Firewall and Security Management

Where does the IPS packet capture and logs store in management server on distributed environment

Rabindra_Khadka — Mon, 18 May 2020 05:39:04 GMT

We have distributed environment and all the logs from firewall is forwarded to management server, We want to know where does the logs of IPS and packet capture of store in Management Server.

What is the path for IPS logs and Packet Capture in Management Server.

Thanks

Re: Where does the IPS packet capture and logs store in management server on distributed environment

Wolfgang — Mon, 18 May 2020 06:55:04 GMT

Have a look at What is the Location of IPS Packet Capture File for the location of packet captures.

There is no extra log file location for IPS logs. IPS logs are shown with all other logs in the logview of SmartConsole.

Wolfgang

Re: Where does the IPS packet capture and logs store in management server on distributed environment

Timothy_Hall — Mon, 18 May 2020 15:42:56 GMT

I don't think sk120773: What is the Location of IPS Packet Capture File is correct, starting in R80.10 gateway IPS packet captures are sent to the gateway's log server and do not remain stored on the gateway like they did in R77.30 and earlier. In R80.10 they were stored as EML's with a pcap inside, but at some point in a later version they just get stored as straight pcaps on the log server. See this whole thread:

https://community.checkpoint.com/t5/IPS-Anti-Virus-Anti-Bot-Anti/IPS-packet-capture/td-p/7552

sk120773 needs to be clarified. Paging @PhoneBoy...

Re: Where does the IPS packet capture and logs store in management server on distributed environment

Wolfgang — Mon, 18 May 2020 16:23:39 GMT

@Timothy_Hall

you're correct, the sk is wrong for R80.xx.

I did not checked the content of this sk article, I wrote only a reference in my post 😟

Lesson learned, I have to read all before I write.

Wolfgang

Re: Where does the IPS packet capture and logs store in management server on distributed environment

PhoneBoy — Tue, 19 May 2020 00:38:58 GMT

@TP_Master can you help point to the right location for IPS pcaps?

Re: Where does the IPS packet capture and logs store in management server on distributed environment

Rabindra_Khadka — Wed, 20 May 2020 04:37:34 GMT

Hello @TP_Master

Please help! The Management is R80.20 version in distributed environment, we want to find the exact path of the IPS packet capture or logs store in Management Server and please explain if it is a single IPS log or including all the threat prevention logs.

Thank You

Re: Where does the IPS packet capture and logs store in management server on distributed environment

nogae — Wed, 20 May 2020 06:39:26 GMT

Hi,

All packet capture files for New Anti Virus / Anti Malware / IPS / Threat Emulation can be found here $FWDIR/log/blob (domain level).

Noga