topic Re: Alert about increase in a specific type of log ("First packet isn't SYN" for me) in General Topics

Alert about increase in a specific type of log ("First packet isn't SYN" for me)

bob111 — Wed, 29 Jan 2025 13:35:44 GMT

Hello guys,
I have a firewall gateway cluster with a manager, version 81.10. I am looking for ways to get an alert about an increase of the log "First packet isn't SYN", whether it is with skyline or some other alert mechanism, through the api or even a cli command that would let me do a query on the logs.
If anyone has suggestions I would love to hear. Thanks:)

Re: Alert about increase in a specific type of log ("First packet isn't SYN" for me)

AkosBakos — Wed, 29 Jan 2025 16:57:38 GMT

Hi @bob111

I suggest you to upgrade it to R81.20 because the support of R81.10 will expired soon. 🙂
Are you sending the logs to any kind SIEM?
Have you checked the features of the SmartEvent?
- I am not 100% sure, maybe you can set such kind of threshold there

Akos

Re: Alert about increase in a specific type of log ("First packet isn't SYN" for me)

PhoneBoy — Thu, 30 Jan 2025 03:24:26 GMT

If it shows up in a search (e.g. with SmartView), you can query via API here: https://sc1.checkpoint.com/documents/latest/APIs/index.html#cli/show-logs~v2%20
Whether these kinds of messages are "indexed" or not is a separate question.

Re: Alert about increase in a specific type of log ("First packet isn't SYN" for me)

bob111 — Thu, 30 Jan 2025 08:50:32 GMT

Thank you very much, exactly what I was looking for!