https://community.checkpoint.com/t5/Hyperscale-Firewall-Maestro/Audit-Log/m-p/32091#M1908 <HTML><HEAD></HEAD><BODY><P>You can not use this command in R76SP.50&gt;</P><P></P><P><IMG class="image-1 jive-image" src="https://community.checkpoint.com/legacyfs/online/checkpoint/66485_pastedImage_1.png" /></P></BODY></HTML> Mon, 18 Jun 2018 11:11:47 GMT Huseyin_Rencber 2018-06-18T11:11:47Z https://community.checkpoint.com/t5/Hyperscale-Firewall-Maestro/Audit-Log/m-p/32089#M1906 <HTML><HEAD></HEAD><BODY><P>On the 13500 appliance I can find user command history, some changed configurations etc in /var/log/messages. As far as I know <SPAN style="color: #000000; background-color: #ffffff; font-size: 14px;">Audit Logs for Gaia Clish commands are written by the<SPAN>&nbsp;</SPAN></SPAN><CODE style="background-color: #ffffff; font-size: 14px;">clishd</CODE><SPAN style="color: #000000; background-color: #ffffff; font-size: 14px;"><SPAN>&nbsp;</SPAN>and<SPAN>&nbsp;</SPAN></SPAN><CODE style="background-color: #ffffff; font-size: 14px;">xpand</CODE><SPAN style="color: #000000; background-color: #ffffff; font-size: 14px;"><SPAN>&nbsp;</SPAN>daemons with<SPAN>&nbsp;</SPAN></SPAN><CODE style="background-color: #ffffff; font-size: 14px;">local0</CODE><SPAN style="color: #000000; background-color: #ffffff; font-size: 14px;"><SPAN>&nbsp;</SPAN>priority to the<SPAN>&nbsp;</SPAN></SPAN><CODE style="background-color: #ffffff; font-size: 14px;">/var/log/messages</CODE><SPAN style="color: #000000; background-color: #ffffff; font-size: 14px;"><SPAN>&nbsp;</SPAN>file.&nbsp;</SPAN>For instance&gt;</P><P></P><P><IMG __jive_id="66453" class="image-1 jive-image" src="https://community.checkpoint.com/legacyfs/online/checkpoint/66453_pastedImage_2.png" /></P><P></P><P>On the 41K chassis ( R76SP.50 version )&nbsp; there is&nbsp;commands for audit log such as &gt;</P><P><IMG __jive_id="66455" class="image-3 jive-image" src="https://community.checkpoint.com/legacyfs/online/checkpoint/66455_pastedImage_4.png" /></P><P><IMG __jive_id="66456" class="jive-image image-4" src="https://community.checkpoint.com/legacyfs/online/checkpoint/66456_pastedImage_5.png" /></P><P><IMG __jive_id="66457" class="image-5 jive-image" src="https://community.checkpoint.com/legacyfs/online/checkpoint/66457_pastedImage_6.png" /></P><P></P><P></P><P></P><P><IMG __jive_id="66454" class="image-2 jive-image" src="https://community.checkpoint.com/legacyfs/online/checkpoint/66454_pastedImage_3.png" /></P><P></P><P>But after running these commands I could not find&nbsp;logs like "cmd by xxx start executing" in audit files and in var/log/messages. Where can I look for audit log, is there a way to find user clish history on 41K appliance?</P><P></P><P>Thanks.</P></BODY></HTML> Sun, 17 Jun 2018 19:47:31 GMT https://community.checkpoint.com/t5/Hyperscale-Firewall-Maestro/Audit-Log/m-p/32089#M1906 Huseyin_Rencber 2018-06-17T19:47:31Z https://community.checkpoint.com/t5/Hyperscale-Firewall-Maestro/Audit-Log/m-p/32090#M1907 <HTML><HEAD></HEAD><BODY><P>Did you try asg_auditlog command?</P></BODY></HTML> Mon, 18 Jun 2018 10:27:58 GMT https://community.checkpoint.com/t5/Hyperscale-Firewall-Maestro/Audit-Log/m-p/32090#M1907 Sancar_Capi 2018-06-18T10:27:58Z https://community.checkpoint.com/t5/Hyperscale-Firewall-Maestro/Audit-Log/m-p/32091#M1908 <HTML><HEAD></HEAD><BODY><P>You can not use this command in R76SP.50&gt;</P><P></P><P><IMG class="image-1 jive-image" src="https://community.checkpoint.com/legacyfs/online/checkpoint/66485_pastedImage_1.png" /></P></BODY></HTML> Mon, 18 Jun 2018 11:11:47 GMT https://community.checkpoint.com/t5/Hyperscale-Firewall-Maestro/Audit-Log/m-p/32091#M1908 Huseyin_Rencber 2018-06-18T11:11:47Z https://community.checkpoint.com/t5/Hyperscale-Firewall-Maestro/Audit-Log/m-p/32092#M1909 <HTML><HEAD></HEAD><BODY><P>In one of the latest JHFA this feature is available now for scalable plattforms. This was a neccessary feature for our deployment so we raised a RfE and luckily it found its way into the JHFA.</P></BODY></HTML> Fri, 10 Aug 2018 11:02:25 GMT https://community.checkpoint.com/t5/Hyperscale-Firewall-Maestro/Audit-Log/m-p/32092#M1909 Alexander_Wilke 2018-08-10T11:02:25Z