Solved: Alert about increase in a specific type of log ("F...

bob111 · ‎2025-01-29

Hello guys,
I have a firewall gateway cluster with a manager, version 81.10. I am looking for ways to get an alert about an increase of the log "First packet isn't SYN", whether it is with skyline or some other alert mechanism, through the api or even a cli command that would let me do a query on the logs.
If anyone has suggestions I would love to hear. Thanks:)

PhoneBoy · ‎2025-01-29

If it shows up in a search (e.g. with SmartView), you can query via API here: https://sc1.checkpoint.com/documents/latest/APIs/index.html#cli/show-logs~v2%20
Whether these kinds of messages are "indexed" or not is a separate question.

View solution in original post

AkosBakos · ‎2025-01-29

Hi @bob111

I suggest you to upgrade it to R81.20 because the support of R81.10 will expired soon. 🙂
Are you sending the logs to any kind SIEM?
Have you checked the features of the SmartEvent?
- I am not 100% sure, maybe you can set such kind of threshold there

Akos

----------------
\m/_(>_<)_\m/

PhoneBoy · ‎2025-01-29

If it shows up in a search (e.g. with SmartView), you can query via API here: https://sc1.checkpoint.com/documents/latest/APIs/index.html#cli/show-logs~v2%20
Whether these kinds of messages are "indexed" or not is a separate question.

bob111 · ‎2025-01-30

Thank you very much, exactly what I was looking for!

Are you a member of CheckMates?

Alert about increase in a specific type of log ("First packet isn't SYN" for me)