https://community.checkpoint.com/t5/Firewall-and-Security-Management/Custom-Rule-Report/m-p/124217#M75227 <P>Depending on the rule that's being matched, it may not be possible to run a report.<BR />The main reason being SmartEvent generally does not index connection logs from the firewall blade, only sessions (generally things that are tracked by a higher-level blade like App Control).<BR />That said, I can think of a couple ways to do this:</P> <UL> <LI>Use SmartView to export the last million logs against the relevant rule into a CSV file, where you can import to Excel or similar.</LI> <LI>You can also get some rough statistics in SmartView, but you'd have to scroll through the various log entries to get them to load into memory so the stats can be shown.</LI> </UL> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Screen Shot 2021-07-16 at 2.59.15 PM.png" style="width: 999px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/12709iAA2E94E9DC860AB1/image-size/large?v=v2&amp;px=999" role="button" title="Screen Shot 2021-07-16 at 2.59.15 PM.png" alt="Screen Shot 2021-07-16 at 2.59.15 PM.png" /></span></P> <P> </P> Fri, 16 Jul 2021 22:01:31 GMT PhoneBoy 2021-07-16T22:01:31Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Custom-Rule-Report/m-p/123863#M75226 <P>Hello All,</P><P>&nbsp; &nbsp; I have inherited a R80.40 system and I have a few rules that are allowing more than I would like. Now I know a few Services (Ports/Protocols) that are going through I want to remove, but going through the logs and trying to weed everything out is painful. I was wondering if I could write a report for a specific rule that would show the top number of Service's (Ports/Protocols) that were going through that rule? If this is possible then I could move things to more appropriate places or black them all together and trim the fat so to speak.</P><P>&nbsp;</P><P>Thanks,</P><P>Scott</P><P>&nbsp;</P> Wed, 14 Jul 2021 21:16:12 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Custom-Rule-Report/m-p/123863#M75226 ScottG67 2021-07-14T21:16:12Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Custom-Rule-Report/m-p/124217#M75227 <P>Depending on the rule that's being matched, it may not be possible to run a report.<BR />The main reason being SmartEvent generally does not index connection logs from the firewall blade, only sessions (generally things that are tracked by a higher-level blade like App Control).<BR />That said, I can think of a couple ways to do this:</P> <UL> <LI>Use SmartView to export the last million logs against the relevant rule into a CSV file, where you can import to Excel or similar.</LI> <LI>You can also get some rough statistics in SmartView, but you'd have to scroll through the various log entries to get them to load into memory so the stats can be shown.</LI> </UL> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Screen Shot 2021-07-16 at 2.59.15 PM.png" style="width: 999px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/12709iAA2E94E9DC860AB1/image-size/large?v=v2&amp;px=999" role="button" title="Screen Shot 2021-07-16 at 2.59.15 PM.png" alt="Screen Shot 2021-07-16 at 2.59.15 PM.png" /></span></P> <P> </P> Fri, 16 Jul 2021 22:01:31 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Custom-Rule-Report/m-p/124217#M75227 PhoneBoy 2021-07-16T22:01:31Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Custom-Rule-Report/m-p/124709#M75228 <P>Thanks a lot for the explanation. I will look into this and report back.</P> Thu, 22 Jul 2021 18:03:34 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Custom-Rule-Report/m-p/124709#M75228 ScottG67 2021-07-22T18:03:34Z