https://community.checkpoint.com/t5/Firewall-and-Security-Management/Correlating-logs-from-external-log-server/m-p/31605#M97686 <HTML><HEAD></HEAD><BODY><P>Sure, thx for your help!</P><P></P><P>⁣Sent from my phone​</P></BODY></HTML> Fri, 23 Feb 2018 18:01:11 GMT MIRCEA_MITROI1 2018-02-23T18:01:11Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Correlating-logs-from-external-log-server/m-p/31601#M97682 <HTML><HEAD></HEAD><BODY><P>Hi all!</P><P></P><P>We have a distributed management/reporting deployment with 1 x R80.10 SmartCenter, 1 x R80.10 SmartEvent and 1 x R77.30.03 SmartEndpoint mgmt server. We have established opsec lea between SmartEvent and Endpoint Server, we receive the logs, the cpstat cpsead looks fine, we can find them under the smartlog, but we cannot find them under the "General Overview" tab. We have also defined "new event" type under the SmartEvent policy, but still couldn't get any correlated endpoint logs.</P><P></P><P>Would be maybe a better idea to send the endpoint server logs to the smartcenter and from there to the smartevent?</P><P></P><P>Do you have any idea on this?</P><P></P><P>Thx a lot!</P><P>Mircea</P></BODY></HTML> Wed, 21 Feb 2018 16:25:42 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Correlating-logs-from-external-log-server/m-p/31601#M97682 MIRCEA_MITROI1 2018-02-21T16:25:42Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Correlating-logs-from-external-log-server/m-p/31602#M97683 <HTML><HEAD></HEAD><BODY><P>Of the three management objects (SmartEndpoint, SmartCenter, SmartEvent), which ones have SmartEvent Correlation Unit enabled on them?</P></BODY></HTML> Thu, 22 Feb 2018 22:53:47 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Correlating-logs-from-external-log-server/m-p/31602#M97683 PhoneBoy 2018-02-22T22:53:47Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Correlating-logs-from-external-log-server/m-p/31603#M97684 <HTML><HEAD></HEAD><BODY><P>Hello Dameon,</P><P></P><P> </P><P></P><P>Only the SmartEvent has the Correlation Unit enabled.</P><P></P><P> </P><P></P><P>Thanks,</P><P></P><P>Mircea</P></BODY></HTML> Fri, 23 Feb 2018 07:56:59 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Correlating-logs-from-external-log-server/m-p/31603#M97684 MIRCEA_MITROI1 2018-02-23T07:56:59Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Correlating-logs-from-external-log-server/m-p/31604#M97685 <HTML><HEAD></HEAD><BODY><P>There are some differences between how R77.x does things and R80.x does things.</P><P>Normally I would suggest doing:&nbsp;<A class="link-titled" href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk110894&amp;partition=General&amp;product=SmartEvent" title="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk110894&amp;partition=General&amp;product=SmartEvent">How to configure an R80/R80.10 SmartEvent Server with an R77.x Security Management</A>&nbsp;</P><P>But since you're also using R80.10 Management, not sure this is the right answer.</P><P>Let me ping R&amp;D <img id="smileyhappy" class="emoticon emoticon-smileyhappy" src="https://community.checkpoint.com/i/smilies/16x16_smiley-happy.png" alt="Smiley Happy" title="Smiley Happy" /></P></BODY></HTML> Fri, 23 Feb 2018 17:46:00 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Correlating-logs-from-external-log-server/m-p/31604#M97685 PhoneBoy 2018-02-23T17:46:00Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Correlating-logs-from-external-log-server/m-p/31605#M97686 <HTML><HEAD></HEAD><BODY><P>Sure, thx for your help!</P><P></P><P>⁣Sent from my phone​</P></BODY></HTML> Fri, 23 Feb 2018 18:01:11 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Correlating-logs-from-external-log-server/m-p/31605#M97686 MIRCEA_MITROI1 2018-02-23T18:01:11Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Correlating-logs-from-external-log-server/m-p/31606#M97687 <HTML><HEAD></HEAD><BODY><P><SPAN style="color: #000000; background-color: #ffffff; font-size: 14px;">The default filters of R80.10 SmartEvent "Views" and "Reports" is exclude products from the Endpoint family.</SPAN></P><P><SPAN style="color: #000000; background-color: #ffffff; font-size: 14px;">So maybe the&nbsp;<SPAN>sk118525 is relevant for you.</SPAN></SPAN></P></BODY></HTML> Mon, 26 Feb 2018 15:40:01 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Correlating-logs-from-external-log-server/m-p/31606#M97687 Evgenia_Kritsky 2018-02-26T15:40:01Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Correlating-logs-from-external-log-server/m-p/31607#M97688 <HTML><HEAD></HEAD><BODY><P>Hello Evgenia,</P><P></P><P> </P><P></P><P>Thank you, we will give it a try.</P><P></P><P> </P><P></P><P>Thx,</P><P></P><P>Mircea</P></BODY></HTML> Mon, 26 Feb 2018 19:02:30 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Correlating-logs-from-external-log-server/m-p/31607#M97688 MIRCEA_MITROI1 2018-02-26T19:02:30Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Correlating-logs-from-external-log-server/m-p/31608#M97689 <HTML><HEAD></HEAD><BODY><P>Hi Evgenia!</P><P></P><P>Thank you for the solution. Maybe with R80.20 Endpoint will be fully supported by SmartEvent?</P><P></P><P>Thx again,</P><P>Mircea</P><P></P><P>⁣Sent from my phone​</P></BODY></HTML> Fri, 02 Mar 2018 06:57:58 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Correlating-logs-from-external-log-server/m-p/31608#M97689 MIRCEA_MITROI1 2018-03-02T06:57:58Z