https://community.checkpoint.com/t5/Firewall-and-Security-Management/search-in-log-for-quot-PenaltyBox-quot-not-possible/m-p/119716#M75673 <P>Not every log field is indexed is for performance reasons.<BR />That does make certain logs…harder to find.</P> Fri, 28 May 2021 15:30:45 GMT PhoneBoy 2021-05-28T15:30:45Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/search-in-log-for-quot-PenaltyBox-quot-not-possible/m-p/119710#M75672 <P>Hello CheckMates,</P> <P>it's not possible to search in logs for entries blocked by PenaltyBox-feature&nbsp; (fwaccel dos pbox...)</P> <P>Search for "Penalty" or "DOS" brings no results. Looks like these fields are not indexed ?</P> <P>Why not? Every shown field should be searchable.</P> <P>Any way to find these logs without to know the source IP ?</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-left" image-alt="2021-05-28 09_38_38_penaltyBox_drop.png" style="width: 999px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/11875iA65EC5850E079111/image-size/large?v=v2&amp;px=999" role="button" title="2021-05-28 09_38_38_penaltyBox_drop.png" alt="2021-05-28 09_38_38_penaltyBox_drop.png" /></span></P> Fri, 28 May 2021 13:17:42 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/search-in-log-for-quot-PenaltyBox-quot-not-possible/m-p/119710#M75672 Wolfgang 2021-05-28T13:17:42Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/search-in-log-for-quot-PenaltyBox-quot-not-possible/m-p/119716#M75673 <P>Not every log field is indexed is for performance reasons.<BR />That does make certain logs…harder to find.</P> Fri, 28 May 2021 15:30:45 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/search-in-log-for-quot-PenaltyBox-quot-not-possible/m-p/119716#M75673 PhoneBoy 2021-05-28T15:30:45Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/search-in-log-for-quot-PenaltyBox-quot-not-possible/m-p/119721#M75674 <P>Hi <a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/1447">@Wolfgang</a>,</P> <P>Not all fields in SmartLog are displayed in the console. In <A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk144192" target="_self">sk144192</A>&nbsp; there are more log fields described that you can use. <BR /><BR />Maybe the following fields can help:<BR />- securexl_message<BR /><BR /></P> Fri, 28 May 2021 15:49:13 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/search-in-log-for-quot-PenaltyBox-quot-not-possible/m-p/119721#M75674 HeikoAnkenbrand 2021-05-28T15:49:13Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/search-in-log-for-quot-PenaltyBox-quot-not-possible/m-p/119731#M75675 <P><a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/21670">@HeikoAnkenbrand</a>&nbsp; and <a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/7">@PhoneBoy</a>&nbsp;</P> <P>No chance at all. None of the shown fields "SecureXL Message", "comment" or "Feature Name" is available to a filter.</P> <P>Same in old Logviewer.</P> <P>I'm not happy that you had no chance to find an information if the PenaltyBox is detecting something <span class="lia-unicode-emoji" title=":disappointed_face:">😞</span></P> Fri, 28 May 2021 19:30:02 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/search-in-log-for-quot-PenaltyBox-quot-not-possible/m-p/119731#M75675 Wolfgang 2021-05-28T19:30:02Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/search-in-log-for-quot-PenaltyBox-quot-not-possible/m-p/120125#M75676 <P>small update….</P> <P>With R81 the comment field is searchable. Now you can search „penalty box“ and there are results shown&nbsp;<span class="lia-unicode-emoji" title=":grinning_face:">😀</span></P> Tue, 01 Jun 2021 18:35:02 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/search-in-log-for-quot-PenaltyBox-quot-not-possible/m-p/120125#M75676 Wolfgang 2021-06-01T18:35:02Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/search-in-log-for-quot-PenaltyBox-quot-not-possible/m-p/120155#M75677 <P>I suspect there were some "under the hood" changes in R81 given you have to reindex all the logs when you upgrade.<BR />Also, an interesting tidbit in the R81.10 EA release notes:&nbsp;The Solr functionality is replaced with a PostgreSQL database to improve the stability and performance of the Security Management Server.<BR />Which means: more under the hood changes are coming <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> Wed, 02 Jun 2021 04:22:38 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/search-in-log-for-quot-PenaltyBox-quot-not-possible/m-p/120155#M75677 PhoneBoy 2021-06-02T04:22:38Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/search-in-log-for-quot-PenaltyBox-quot-not-possible/m-p/120600#M75678 <P>Hi Wolfgang,</P><P>we had the same issue with R80.x. Because there was no solution for that, i tested some filter combinations and found a workaround.</P><P>Using the following filter to display the needed infos in logs:</P><P>(type:"Alert") and not (src:"ips of your internal network" or dst:"your ips from external networks")</P><P>It may be necessery to select or edit the correct profile for displaying the field "Firewall Message" in the logging table.</P> Tue, 08 Jun 2021 10:26:36 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/search-in-log-for-quot-PenaltyBox-quot-not-possible/m-p/120600#M75678 olliM 2021-06-08T10:26:36Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/search-in-log-for-quot-PenaltyBox-quot-not-possible/m-p/150241#M75679 <P>you can try with "penalty box"</P> Mon, 06 Jun 2022 14:15:45 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/search-in-log-for-quot-PenaltyBox-quot-not-possible/m-p/150241#M75679 CheckPointerXL 2022-06-06T14:15:45Z