Generic DataCenter details in logs
Hello mates,
I have looked over the Generic DataCenter implementation and we are close to starting to use this type of object for different cases.
In one situation, we had used a script that was addressing some TOR resources, and adjusted it a bit, so it would keep the UUID, address other IP list resources, etc.
It has worked well for quite some time; the problem is that from time to time, I notice that the objects generated by/for this GDC are not refreshed for 1 - 2 days (or a bit more).
All I was able to catch in the FWL Logs is that the JSON file is "corrupted", so from there I looked into what/why.
Checking why, I noticed that the process/script we use is not running anymore on the Management Server. I'm not sure why it stopped running; I'll see if I have something in the other system logs.
So what I'm after: is there a way we can get an alert when the retrieval of the JSON content fails, so we know and can take action in case this happens?
I tried to look into SmartEvent, but sadly I did not find a way of setting SmartEvent to look for specific log patterns and generate an alert on them.
Any idea or hint to follow would be appreciated 😃.
Thank you,
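For the failure described in the post above (the generating script stops and the feed is reported as "corrupted"), a watchdog on the feed file itself can raise the alarm before the objects go stale. This is an added example, not code from the thread or from Check Point; it assumes the feed is a JSON document with an `objects` list whose entries carry `name`, `id` (a UUID) and `ranges`, and the names `check_feed`, `valid_range` and `MAX_AGE_SECONDS` are hypothetical.

```python
import ipaddress
import json
import time
import uuid

MAX_AGE_SECONDS = 6 * 3600  # assumed alert threshold; tune to your refresh schedule
# Constructed sample in the assumed feed layout (documentation-only addresses).
SAMPLE = '''{"version": "1.0", "description": "constructed sample",
 "objects": [{"name": "tor-exit", "id": "11111111-2222-4333-8444-555555555555",
   "ranges": ["192.0.2.10", "198.51.100.0/24", "203.0.113.5-203.0.113.9"]}]}'''

def valid_range(text):
    """Accept a single IP, a CIDR network, or a 'start-end' range."""
    try:
        if "-" in text:
            start, end = (ipaddress.ip_address(p.strip()) for p in text.split("-", 1))
            return start.version == end.version and start <= end
        ipaddress.ip_network(text.strip(), strict=False)
        return True
    except ValueError:
        return False

def check_feed(raw, modified_at, now=None):
    """Return a list of problems; an empty list means the feed is usable."""
    now = time.time() if now is None else now
    stale = now - modified_at > MAX_AGE_SECONDS
    problems = ["stale: feed not rewritten within the threshold"] if stale else []
    try:
        doc = json.loads(raw)
    except ValueError as exc:  # a truncated or half-written file lands here
        return problems + [f"corrupted: not valid JSON ({exc})"]
    objects = doc.get("objects") if isinstance(doc, dict) else None
    if not isinstance(objects, list) or not objects:
        return problems + ["corrupted: missing or empty 'objects' list"]
    for index, obj in enumerate(objects):
        obj = obj if isinstance(obj, dict) else {}  # non-objects fail both checks
        name = obj.get("name", f"#{index}")
        try:
            uuid.UUID(str(obj.get("id")))
        except ValueError:
            problems.append(f"{name}: id is not a UUID")
        ranges = obj.get("ranges") if isinstance(obj.get("ranges"), list) else [None]
        bad = [r for r in ranges if not valid_range(str(r))]
        if bad:
            problems.append(f"{name}: invalid ranges {bad}")
    return problems

if __name__ == "__main__":
    for raw in (SAMPLE, SAMPLE[:40]):  # healthy feed, then a truncated write
        print(check_feed(raw, modified_at=time.time()))
```

Run it from a scheduler against the real file's contents and modification time, and send any non-empty result to whatever alerting channel is already in use.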
Accepted Solutions
There is some stuff in the CloudGuard Controller Admin Guide about this point: https://sc1.checkpoint.com/documents/R81.10/WebAdminGuides/EN/CP_R81.10_CloudGuard_Controller_AdminG...
Can you post a screenshot of the log in question with sensitive data redacted?
Maybe there's something we can do with it.
Hello @PhoneBoy,
Here you have the beginning and failure of the JSON reading/mapping.
There is not much, and I tried to search in any way, but no luck.
So if there is a possibility to create a SmartEvent alert based on anything from here (or just for failure alerts), that would be great 😊.
Thank you,
Not every log component is indexed or actionable. You can use the show-logs API on blade "Cloudguard IaaS" to get specific results for Control connections and filter from there, for instance for the Critical keywords. I'm not sure if it's what you're looking for though.
Hey Alex,
Thank you for pointing that out, but it's not really what we wanted 😕. As I stated initially, we're using SmartEvent to perform certain actions in different cases, and in this case/situation I would like to be able to trigger an event from SmartEvent that would be performed in the case of a GDC update failure.
With the API, we can explore that path, but since SmartEvent is already running, we hoped that there is something that we can achieve with it 😉.
Thank you,
There is some stuff in the CloudGuard Controller Admin Guide about this point: https://sc1.checkpoint.com/documents/R81.10/WebAdminGuides/EN/CP_R81.10_CloudGuard_Controller_AdminG...
Thank you sooo much @PhoneBoy,
sometimes I wonder why I'm so "blind", as I looked at that page several times...
ty,