This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
RemoteUser
Advisor
Monday

Clarification on Log Generation Mode (Aggregate Mode) in R82.10

Hi Mates!!!!
Hope you all doing well.

I have a few questions regarding a feature introduced in R82.10, specifically the Log Generation Mode, and in particular the Aggregate Mode:

  • Generates logs per session and combines multiple connection logs into a single log. Aggregate mode significantly reduces log volume and cloud storage costs.

From my understanding, this setting is applied globally across the policy packages managed by the Management Server. Also, it seems that it effectively changes the logging behavior from per-connection to per-session.

Could you please confirm if this understanding is correct?

Additionally, I would like to clarify the following:

  • If we switch to Aggregate Mode, does it impact all policies in terms of logging behavior (i.e., converting all logs to session-based)?
  • In case we decide to revert back to Standard Mode (for example, if we lose visibility on certain logs such as NAT), will the previous logging behavior be automatically restored as it was before?

Thank you in advance for your support.

2 Replies
PhoneBoy
Admin
Admin
Monday

You have always been able to configure "Per Connection" or "Per Session" logging on a per-rule basis.
Aggregate Mode applies only to rules where this wasn't previously configured.
Which means it should operate as you described.

RemoteUser
Advisor
2 hours ago
In response to PhoneBoy

Just tested this in the lab:

When switching from Standard to Aggregated log mode, the change is applied to all rules, including the cleanup rule.

However, when switching back from Aggregated to Standard, the previous configuration is not automatically restored. This means you need to be careful (specially if you have a lot of rule in the policy pacakge) if you require more detailed logs again, you’ll have to manually reconfigure the rules.

Suggestion: it would be great if this feature could be applied per policy package rather than globally.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events