https://community.checkpoint.com/t5/General-Topics/HTTP-Methods-in-logs/m-p/21417#M3956 <HTML><HEAD></HEAD><BODY><P>This should also work in R77.30 as well, though it's in the App Control layer you use Extended Logging.</P></BODY></HTML> Mon, 07 May 2018 21:04:12 GMT PhoneBoy 2018-05-07T21:04:12Z https://community.checkpoint.com/t5/General-Topics/HTTP-Methods-in-logs/m-p/21412#M3951 <HTML><HEAD></HEAD><BODY><P>Sorry if I missed the answer to this question in documentation or forums...I promised I've tried to find the answer. <img id="smileyhappy" class="emoticon emoticon-smileyhappy" src="https://community.checkpoint.com/i/smilies/16x16_smiley-happy.png" alt="Smiley Happy" title="Smiley Happy" /></P><P></P><P>In the URL Filtering and/or Application Control blades is there a way to add the "HTTP method"&nbsp;(eg POST, GET, PROPS, OPTIONS) to the log and more specifically to the log that can be ingested by a 3rd party SIEM?</P><P></P><P>Thanks for any guidance!</P></BODY></HTML> Thu, 03 May 2018 18:08:24 GMT https://community.checkpoint.com/t5/General-Topics/HTTP-Methods-in-logs/m-p/21412#M3951 Derek_Davenport 2018-05-03T18:08:24Z https://community.checkpoint.com/t5/General-Topics/HTTP-Methods-in-logs/m-p/21413#M3952 <HTML><HEAD></HEAD><BODY><P>You must log the traffic with Extended Logging to get that information.</P><P>You will find it in the Session tab of the Log card:</P><P></P><P><IMG class="image-1 jive-image" src="https://community.checkpoint.com/legacyfs/online/checkpoint/65335_pastedImage_1.png" /></P><P></P><P>I presume if we log it, it will also be sent to a SIEM as well, particularly if you're using Log Exporter.</P><P>See&nbsp;<A href="https://community.checkpoint.com/message/16349">Log Exporter guide</A>‌ for more details.&nbsp;</P></BODY></HTML> Thu, 03 May 2018 23:44:32 GMT https://community.checkpoint.com/t5/General-Topics/HTTP-Methods-in-logs/m-p/21413#M3952 PhoneBoy 2018-05-03T23:44:32Z https://community.checkpoint.com/t5/General-Topics/HTTP-Methods-in-logs/m-p/21414#M3953 <HTML><HEAD></HEAD><BODY><P>Thanks <A href="https://community.checkpoint.com/migrated-users/2075">Dameon Welch Abernathy</A>‌.&nbsp; I changed the log type to this in the&nbsp;URL/Application control blade, but I am still not seeing this value in the URL filtering log I am getting.</P><P></P><P>Does this only work on the Application Control blade?&nbsp;&nbsp;Was it added in a recent version?&nbsp; Is there a way to tweak&nbsp;what is logged in "Extended Logging" ?</P></BODY></HTML> Mon, 07 May 2018 20:45:50 GMT https://community.checkpoint.com/t5/General-Topics/HTTP-Methods-in-logs/m-p/21414#M3953 Derek_Davenport 2018-05-07T20:45:50Z https://community.checkpoint.com/t5/General-Topics/HTTP-Methods-in-logs/m-p/21415#M3954 <HTML><HEAD></HEAD><BODY><P>You must have App Control/URL Filtering enabled for this to work, both on the gateway and, R80+, the relevant layer.</P><P>What is logged by Extended Logging is determined by what blades are active on the relevant gateway and layer.</P></BODY></HTML> Mon, 07 May 2018 20:58:16 GMT https://community.checkpoint.com/t5/General-Topics/HTTP-Methods-in-logs/m-p/21415#M3954 PhoneBoy 2018-05-07T20:58:16Z https://community.checkpoint.com/t5/General-Topics/HTTP-Methods-in-logs/m-p/21416#M3955 <HTML><HEAD></HEAD><BODY><P>Thanks!&nbsp; I think R80 is my current stumbling block.&nbsp; We are migrating to R80.10 gateways in the next few weeks...so I'll be able to verify then.&nbsp; &nbsp;Thanks!!!!!</P></BODY></HTML> Mon, 07 May 2018 21:03:12 GMT https://community.checkpoint.com/t5/General-Topics/HTTP-Methods-in-logs/m-p/21416#M3955 Derek_Davenport 2018-05-07T21:03:12Z https://community.checkpoint.com/t5/General-Topics/HTTP-Methods-in-logs/m-p/21417#M3956 <HTML><HEAD></HEAD><BODY><P>This should also work in R77.30 as well, though it's in the App Control layer you use Extended Logging.</P></BODY></HTML> Mon, 07 May 2018 21:04:12 GMT https://community.checkpoint.com/t5/General-Topics/HTTP-Methods-in-logs/m-p/21417#M3956 PhoneBoy 2018-05-07T21:04:12Z