tarasp90
Explorer

New version of fields missing event_type

I cannot find the event_type field for the new fields. Does anyone know the new name of the field?

I tried going through the description and was not able to find anything - https://support.checkpoint.com/results/sk/sk144192

e.g. Login

time=1570087243|loc=1589977|fileid=1570053600|action=authcrypt|orig=0.0.0.0|i/f_dir=inbound|has_accounting=0|logId=-1|log_type=log|log_sequence_num=119|is_first_for_luuid=0|log_version=5|origin_sic_name=CN=FW_VPN01,O=vu.jmsp.prod.sq5ad5|uuid=<5d95a14b,00000000,0140a30a,0000116d>|product=xxxxxxxx|cvpn_category=Session|event_type=Login|client_name=Check Point Mobile|client_version=xxxxx|client_build=xxxxxxx|user=Alain DUBOIS 123 (Alain.dubois@mydomain.com)|auth_method=Password|login_option=Authentification IPSEC|failed_login_factor_num=0|user_dn=CN=Dominique ROBERT 841,OU=Administrateurs,OU=W7,OU=841-Utilisateurs,DC=mydomain,DC=com|user_group=GrpLDAP_VPNSSL, ad_group_VPNSSL_238285|host_type=PC|os_name=Windows|os_version=10|os_build=17763|os_bits=64bit|device_identification={xxxxxxxxxxxxxxxxxxxxxxxxxxx}|session_timeout=10:00:00|login_timestamp= 3Oct2019 9:20:43|src=aa.bb.cc.dd|host_ip=192.168.1.212|office_mode_ip=10.245.131.237|s_port=0|proto=tcp|service=443|tunnel_protocol=IPSec|methods:=3DES + SHA1|status=Success|Suppressed_Logs=0|mac_address=50:76:af:3a:eb:57|Hostname=p0006841|domain_name=mydomain.com|auth_encryption_methods=AES-256 + SHA1 + Group 2

Example log taken from here: https://community.splunk.com/t5/Getting-Data-In/CheckPoint-VPN-Get-username-with-each-firewall-log/m...

0 Kudos
2 Replies
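
An added example, not part of the original post or any Check Point code: a small parser for the pipe-delimited key=value format of the sample log above. It checks whether `event_type` is present in an exported line and, if not, lists fields carrying the expected value. The function names, the shortened sample and the `placeholder_name` field are constructed for illustration, and values are assumed not to contain `|`.

```python
# Shortened from the sample log line in the post.
SAMPLE_WITH = (
    "time=1570087243|action=authcrypt"
    "|origin_sic_name=CN=FW_VPN01,O=vu.jmsp.prod.sq5ad5"
    "|cvpn_category=Session|event_type=Login|auth_method=Password"
    "|methods:=3DES + SHA1|status=Success"
)

# Constructed: same line with event_type swapped for a made-up field name.
# "placeholder_name" is NOT a real Check Point field.
SAMPLE_RENAMED = SAMPLE_WITH.replace("event_type=", "placeholder_name=")


def parse_fields(line):
    """Split 'k=v|k=v' into a dict, keeping '=' characters inside values."""
    fields = {}
    for token in line.strip().split("|"):
        # Split on the first '=' only: values such as a SIC name contain '='.
        key, sep, value = token.partition("=")
        if not sep:
            continue  # token without '=' is not a field
        # Some keys appear as 'methods:=' in the sample; drop the trailing ':'.
        fields[key.strip().rstrip(":")] = value.strip()
    return fields


def missing_fields(line, required=("event_type",)):
    """Return the required field names that are absent from the line."""
    fields = parse_fields(line)
    return [name for name in required if name not in fields]


def candidate_fields(line, wanted_value):
    """Return names of fields whose value matches wanted_value (case-insensitive).

    Useful for spotting a renamed field: look for where 'Login' ended up.
    """
    wanted = wanted_value.lower()
    return sorted(k for k, v in parse_fields(line).items() if v.lower() == wanted)


if __name__ == "__main__":
    for label, line in (("original", SAMPLE_WITH), ("renamed", SAMPLE_RENAMED)):
        print(label, "missing:", missing_fields(line),
              "fields with value Login:", candidate_fields(line, "Login"))
```

Running the same check over lines captured before and after the upgrade shows whether the field is absent from the export or present under another name.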
PhoneBoy
Admin

Are you looking for a definition of event_type as a field passed through Log Exporter?
Or is the fact this field is not being exported the issue?
Or is it something else?
Please elaborate and state the version/JHF of the Check Point management.

0 Kudos
the_rock
Legend

It's not clear to me either what exactly is "missing". Maybe if you attach a screenshot, it may explain it better.

Best regards,

Andy

0 Kudos
