Joe_Kanaszka
Advisor

Logging for GAIA portal and SSH access

Good morning!

We are currently logging admin access to Smart Console via the Check Point Audit logs.

How can we monitor access to the GAIA portal and SSH access to the firewalls?

Shouldn't this show up in the audit logs as well?

 

Thanks guys for any assistance.

 

0 Kudos
2 Solutions

Accepted Solutions
the_rock
MVP Diamond

Hey brother,

How you been, all good? I checked what @simonemantovani and @Lesley both said and it makes perfect logical sense. I know both options work as I tested them before.

Best,
Andy
"Have a great day and if it's not, change it"


18 Replies
simonemantovani
Lesley
MVP Gold

This, or as an alternative, a playbook:

image.png

-------
Please press "Accept as Solution" if my post solved it 🙂
Joe_Kanaszka
Advisor

Thank you!  I'll ask you the same thing:  Can we simply see GAIA and SSH activity in the Audit logs?  One "pane of glass"  so to speak?

0 Kudos
Lesley
MVP Gold

https://support.checkpoint.com/results/sk/sk181230

Also, check the "audit" log tab in Smart Console; you can make SmartEvent reports or views with this, based on the log info.

Here is an example of a logged web interface log action:

image.png

-------
Please press "Accept as Solution" if my post solved it 🙂
0 Kudos
Joe_Kanaszka
Advisor

Thank you.  Can we simply see GAIA and SSH activity in the Audit logs?  One "pane of glass"  so to speak?

0 Kudos
simonemantovani

Yes, it is possible.

I attached a screenshot of the log taken from SmartConsole for SSH access.

0 Kudos
Joe_Kanaszka
Advisor

Thank you!  I found a post from last March:

https://community.checkpoint.com/t5/General-Topics/Gateway-secure-log-Can-these-be-seen-in-Smart-Con...

Is this what you're configuring?

In our case, I'd like to capture SSH to the gateways, whether it be clish or Bash.  I would also like to capture admin access to the GAIA portal itself.  

 

Is this all done through configuring syslog on the gateways and pointing the syslogs to our SMS/log server?

 

Thank you again!

 

0 Kudos
simonemantovani

If you follow the admin guide, the firewall will send audit logs directly to the management.

set syslog cplogs on

set syslog mgmtauditlogs on

set syslog auditlog permanent
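
An added example, not part of the thread and not Check Point code: a small audit that checks saved gateway configuration dumps for the three `set syslog` lines quoted in the post above and lists the commands each gateway still needs. It assumes each dump is plain text made of `set ...` lines (such as saved clish `show configuration` output) and that a later line overrides an earlier one; the function names and the sample gateways are hypothetical.

```python
"""Audit saved Gaia configuration dumps for the syslog settings from the post."""

# The three clish settings quoted in the post above (key -> required value).
REQUIRED = {
    "cplogs": "on",
    "mgmtauditlogs": "on",
    "auditlog": "permanent",
}


def effective_syslog_settings(config_text):
    """Return the last value seen for each 'set syslog <key> <value>' line."""
    settings = {}
    for raw in config_text.splitlines():
        parts = raw.split("#", 1)[0].split()  # drop comments and padding
        if len(parts) == 4 and parts[:2] == ["set", "syslog"]:
            # Assumption: a later line overrides an earlier one.
            settings[parts[2]] = parts[3]
    return settings


def audit_gateway(config_text):
    """Return {key: (expected, found_or_None)} for each missing or wrong setting."""
    found = effective_syslog_settings(config_text)
    return {key: (want, found.get(key))
            for key, want in REQUIRED.items() if found.get(key) != want}


def audit_fleet(configs):
    """Map gateway name -> clish commands still needed (empty list if compliant)."""
    report = {}
    for name, text in sorted(configs.items()):
        gaps = audit_gateway(text)
        report[name] = [f"set syslog {key} {want}" for key, (want, _) in gaps.items()]
    return report


# Constructed sample dumps (hypothetical gateways, not taken from the thread).
SAMPLE_CONFIGS = {
    "gw-a": "set syslog cplogs on\nset syslog mgmtauditlogs on\n"
            "set syslog auditlog permanent\n",
    "gw-b": "set syslog cplogs off\nset syslog auditlog permanent\n",
    "gw-c": "set hostname gw-c\n",
}

if __name__ == "__main__":
    for gateway, fixes in audit_fleet(SAMPLE_CONFIGS).items():
        print(gateway, "OK" if not fixes else "needs: " + "; ".join(fixes))
```

The "Accept Syslog messages" option discussed later in the thread is set in Smart Console, so a gateway-side check like this one does not cover it.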

Joe_Kanaszka
Advisor

Thank you!  Question.  What is the difference between your sk and sk102995?

https://support.checkpoint.com/results/sk/sk102995

0 Kudos
simonemantovani

It's the same (I made reference to the admin guide); sk102995 also includes commands to send logs to a 3rd party server.

 

Joe_Kanaszka
Advisor

Gotcha.  OK.  Question if you have time.  The admin guide leaves out the part that sk 102995 references about making the second change in Smart Console under Logs -> Additional logging configuration and selecting "Accept Syslog messages".

Am I missing something?

 

0 Kudos
the_rock
MVP Diamond

I'm fairly positive that option should be checked, brother.

Best,
Andy
"Have a great day and if it's not, change it"
0 Kudos
Joe_Kanaszka
Advisor

No I agree.  🙂  It's just strange how the admin guide doesn't mention it.  

0 Kudos
the_rock
MVP Diamond

I know, mind you, truth be told, lots of guides for various vendors may not mention things like that :-(

Thank God for communities like this one!

Best,
Andy
"Have a great day and if it's not, change it"
the_rock
MVP Diamond

Hey Joe,

I know even this screenshot from the help section shows a pretty basic explanation, but it does what @simonemantovani mentioned.

Screenshot_1.png

Best,
Andy
"Have a great day and if it's not, change it"
Joe_Kanaszka
Advisor

Yep - makes sense.  Thanks Andy!

the_rock
MVP Diamond

Always glad we can help!

Best,
Andy
"Have a great day and if it's not, change it"
0 Kudos