This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Juan_Concepcion
Advisor
‎2017-07-24 02:04 PM

Syslog Blade

So I can follow an incoming syslog message all the way into SmartEvent.  What I cannot do however is create a report filtering specifically for syslog because the blade does not show up for selection, consequently it does not show up in log view either when trying to select a specific blade for filtering on??

Has anyone encountered/found a solution for this??

--Juan

0 Kudos
10 Replies
_Val_
Admin
Admin
‎2017-07-25 08:27 AM

There is no syslog blade. Yet, you should be able to filter by other fields

0 Kudos
Juan_Concepcion
Advisor
‎2017-07-25 08:33 AM

This is screenshot from the log entries that come into my R80.10 Manager and SmartEvent server - my wireless AP is forwarding syslog messages to them.  I have tried filtering on origin, product family and last resort was blade but it cannot be selected in the reporting.

--Juan

0 Kudos
_Val_
Admin
Admin
‎2017-07-25 11:58 PM
In response to Juan_Concepcion

Gotcha. Looks like an oversight to me. Would be a good RFE

0 Kudos
PhoneBoy
Admin
Admin
‎2017-07-26 08:16 AM

Does seem like an oversight.

Tomer Sole‌ can you help confirm?

0 Kudos
Tomer_Sole
Mentor
Mentor
‎2017-07-28 10:11 AM
In response to PhoneBoy

I asked for the better experts to answer on this one. 

0 Kudos
Dan_Zada
Employee Alumnus
Employee Alumnus
‎2017-08-01 03:42 AM

Filtering on blade is supported, maybe the syslog blade is not listed in the picker.

In that case, you can use a custom filter:

Product:Syslog

0 Kudos
Juan_Concepcion
Advisor
‎2017-08-01 05:58 AM
In response to Dan_Zada

Tried that and didn't work, set the filter and didn't get any results.

0 Kudos
Dan_Zada
Employee Alumnus
Employee Alumnus
‎2017-08-01 11:56 PM
In response to Juan_Concepcion

Try "product:Syslog"  

0 Kudos
Juan_Concepcion
Advisor
‎2017-08-02 05:05 AM

Given that it's not showing up as a filtering option in the report do I need to create a custom event for it also?  Again I tried to go in and do this but it does not show up as a product available to filter on for an event.

The problem as I see it is that Syslog does not show up as an "Eventia Product" so i'm not so sure how to filter on these events to get them pulled into the database.

--Juan

Juan_Concepcion
Advisor
‎2017-08-15 07:17 PM
In response to Juan_Concepcion

Wondering if anyone has an answer for this as I haven't been able to get it to work??

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events