https://community.checkpoint.com/t5/Endpoint/New-version-of-fields-missing-event-type/m-p/199284#M7825 <P>I cannot find the event_type field for the new fields. Does anyone know the new name of the field?<BR /><BR />I tried going through the description and was not able to find anything - <A href="https://support.checkpoint.com/results/sk/sk144192" target="_blank" rel="noopener">https://support.checkpoint.com/results/sk/sk144192</A><BR /><BR />e.g. Login</P><P class="lia-indent-padding-left-30px">time=1570087243|loc=1589977|fileid=1570053600|action=authcrypt|orig=0.0.0.0|i/f_dir=inbound|has_accounting=0|logId=-1|log_type=log|log_sequence_num=119|is_first_for_luuid=0|log_version=5|origin_sic_name=CN=FW_VPN01,O=vu.jmsp.prod.sq5ad5|uuid=&lt;5d95a14b,00000000,0140a30a,0000116d&gt;|product=xxxxxxxx|cvpn_category=Session|<U><STRONG>event_type=Login</STRONG></U>|client_name=Check Point Mobile|client_version=xxxxx|client_build=xxxxxxx|user=Alain DUBOIS 123 (Alain.dubois@mydomain.com)|auth_method=Password|login_option=Authentification IPSEC|failed_login_factor_num=0|user_dn=CN=Dominique ROBERT 841,OU=Administrateurs,OU=W7,OU=841-Utilisateurs,DC=mydomain,DC=com|user_group=GrpLDAP_VPNSSL, ad_group_VPNSSL_238285|host_type=PC|os_name=Windows|os_version=10|os_build=17763|os_bits=64bit|device_identification={xxxxxxxxxxxxxxxxxxxxxxxxxxx}|session_timeout=10:00:00|login_timestamp= 3Oct2019 9:20:43|src=aa.bb.cc.dd|host_ip=192.168.1.212|office_mode_ip=10.245.131.237|s_port=0|proto=tcp|service=443|tunnel_protocol=IPSec|methods:=3DES + SHA1|status=Success|Suppressed_Logs=0|mac_address=50:76:af:3a:eb:57|Hostname=p0006841|domain_name=mydomain.com|auth_encryption_methods=AES-256 + SHA1 + Group 2</P><P>Example log taken from here: <A href="https://community.splunk.com/t5/Getting-Data-In/CheckPoint-VPN-Get-username-with-each-firewall-log/m-p/497376" target="_blank" rel="noopener">https://community.splunk.com/t5/Getting-Data-In/CheckPoint-VPN-Get-username-with-each-firewall-log/m-p/497376</A></P> Wed, 29 Nov 2023 18:27:57 GMT tarasp90 2023-11-29T18:27:57Z https://community.checkpoint.com/t5/Endpoint/New-version-of-fields-missing-event-type/m-p/199284#M7825 <P>I cannot find the event_type field for the new fields. Does anyone know the new name of the field?<BR /><BR />I tried going through the description and was not able to find anything - <A href="https://support.checkpoint.com/results/sk/sk144192" target="_blank" rel="noopener">https://support.checkpoint.com/results/sk/sk144192</A><BR /><BR />e.g. Login</P><P class="lia-indent-padding-left-30px">time=1570087243|loc=1589977|fileid=1570053600|action=authcrypt|orig=0.0.0.0|i/f_dir=inbound|has_accounting=0|logId=-1|log_type=log|log_sequence_num=119|is_first_for_luuid=0|log_version=5|origin_sic_name=CN=FW_VPN01,O=vu.jmsp.prod.sq5ad5|uuid=&lt;5d95a14b,00000000,0140a30a,0000116d&gt;|product=xxxxxxxx|cvpn_category=Session|<U><STRONG>event_type=Login</STRONG></U>|client_name=Check Point Mobile|client_version=xxxxx|client_build=xxxxxxx|user=Alain DUBOIS 123 (Alain.dubois@mydomain.com)|auth_method=Password|login_option=Authentification IPSEC|failed_login_factor_num=0|user_dn=CN=Dominique ROBERT 841,OU=Administrateurs,OU=W7,OU=841-Utilisateurs,DC=mydomain,DC=com|user_group=GrpLDAP_VPNSSL, ad_group_VPNSSL_238285|host_type=PC|os_name=Windows|os_version=10|os_build=17763|os_bits=64bit|device_identification={xxxxxxxxxxxxxxxxxxxxxxxxxxx}|session_timeout=10:00:00|login_timestamp= 3Oct2019 9:20:43|src=aa.bb.cc.dd|host_ip=192.168.1.212|office_mode_ip=10.245.131.237|s_port=0|proto=tcp|service=443|tunnel_protocol=IPSec|methods:=3DES + SHA1|status=Success|Suppressed_Logs=0|mac_address=50:76:af:3a:eb:57|Hostname=p0006841|domain_name=mydomain.com|auth_encryption_methods=AES-256 + SHA1 + Group 2</P><P>Example log taken from here: <A href="https://community.splunk.com/t5/Getting-Data-In/CheckPoint-VPN-Get-username-with-each-firewall-log/m-p/497376" target="_blank" rel="noopener">https://community.splunk.com/t5/Getting-Data-In/CheckPoint-VPN-Get-username-with-each-firewall-log/m-p/497376</A></P> Wed, 29 Nov 2023 18:27:57 GMT https://community.checkpoint.com/t5/Endpoint/New-version-of-fields-missing-event-type/m-p/199284#M7825 tarasp90 2023-11-29T18:27:57Z https://community.checkpoint.com/t5/Endpoint/New-version-of-fields-missing-event-type/m-p/199305#M7826 <P>Are you looking for a definition of event_type as a field passed through Log Exporter?<BR />Or is the fact this field is not being exported the issue?<BR />Or is it something else?<BR />Please elaborate and state the version/JHF of the Check Point management.</P> Thu, 30 Nov 2023 00:42:36 GMT https://community.checkpoint.com/t5/Endpoint/New-version-of-fields-missing-event-type/m-p/199305#M7826 PhoneBoy 2023-11-30T00:42:36Z https://community.checkpoint.com/t5/Endpoint/New-version-of-fields-missing-event-type/m-p/199306#M7827 <P>Its not clear to me either what exactly is "missing". Maybe if you attach a screenshot, may explain it better.</P> <P>Best regards,</P> <P>Andy</P> Thu, 30 Nov 2023 01:49:53 GMT https://community.checkpoint.com/t5/Endpoint/New-version-of-fields-missing-event-type/m-p/199306#M7827 the_rock 2023-11-30T01:49:53Z