This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Joe_Kanaszka
Advisor
‎2025-05-05 06:19 AM
Jump to solution

SSH logging?

Good morning!

Running R81.20

 

What is the best practice for monitoring and logging SSH sessions to our Security Gateways / SMS?

I'd like to be able to see a daily report for all sessions and what was done during the session if possible.

 

Thank you!

0 Kudos
1 Solution

Accepted Solutions
G_W_Albrecht
MVP Silver
MVP Silver
‎2025-05-05 07:31 AM
Jump to solution

Dashboard Audit Logs:

Screenshot 2025-05-05 163024.png

I connected with WinSCP first and then started Putty (shown log entry).

WHat was done is visible in Legacy SVTracker:

Screenshot 2025-05-05 164045.png

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

View solution in original post

11 Replies
AkosBakos
MVP Silver
MVP Silver
‎2025-05-05 06:38 AM
Jump to solution

Hi @Joe_Kanaszka 

I think you should use 3rd party solution for this.

Akos

----------------
\m/_(>_<)_\m/
the_rock
MVP Diamond
MVP Diamond
‎2025-05-05 07:20 AM
Jump to solution

I was looking at the R82 smart event I have in my lab, but did not see anything specific for ssh logins.

Andy

Best,
Andy
AkosBakos
MVP Silver
MVP Silver
‎2025-05-05 07:24 AM
In response to the_rock
Jump to solution

Maybe the parsing the /var/log/messages -> the logins are logged.

----------------
\m/_(>_<)_\m/
0 Kudos
G_W_Albrecht
MVP Silver
MVP Silver
‎2025-05-05 07:31 AM
Jump to solution

Dashboard Audit Logs:

Screenshot 2025-05-05 163024.png

I connected with WinSCP first and then started Putty (shown log entry).

WHat was done is visible in Legacy SVTracker:

Screenshot 2025-05-05 164045.png

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
the_rock
MVP Diamond
MVP Diamond
‎2025-05-05 08:38 AM
In response to G_W_Albrecht
Jump to solution

That is indeed super useful, though wondering if there is a report for it in smart event?

Andy

Best,
Andy
Joe_Kanaszka
Advisor
‎2025-05-05 11:33 AM
In response to G_W_Albrecht
Jump to solution

Thank you for this!  

0 Kudos
Joe_Kanaszka
Advisor
‎2025-05-05 12:18 PM
In response to G_W_Albrecht
Jump to solution

I forgot to ask you how you enter Legacy SmartView Tracker from Smart Log?

0 Kudos
the_rock
MVP Diamond
MVP Diamond
‎2025-05-05 12:56 PM
In response to Joe_Kanaszka
Jump to solution

 
Best,
Andy
Preview file
85 KB
0 Kudos
the_rock
MVP Diamond
MVP Diamond
‎2025-05-05 11:41 AM
Jump to solution

Hey brother,

Hope what I attached helps. Its via smartview.

Andy

Best,
Andy
Preview file
32 KB
Preview file
376 KB
Audit_Logs_May_5__2025_14_38_43_554_PM.zip
(1)
Joe_Kanaszka
Advisor
‎2025-05-05 11:43 AM
In response to the_rock
Jump to solution

Thank both you guys!

0 Kudos
the_rock
MVP Diamond
MVP Diamond
‎2025-05-05 11:44 AM
In response to Joe_Kanaszka
Jump to solution

Its not perfect, but better than nothing lol

Andy

Best,
Andy
(1)

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events