This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Derek_Davenport
Participant
‎2018-05-03 11:08 AM

HTTP Methods in logs?

Sorry if I missed the answer to this question in documentation or forums...I promised I've tried to find the answer. Smiley Happy

In the URL Filtering and/or Application Control blades is there a way to add the "HTTP method" (eg POST, GET, PROPS, OPTIONS) to the log and more specifically to the log that can be ingested by a 3rd party SIEM?

Thanks for any guidance!

5 Replies
PhoneBoy
Admin
Admin
‎2018-05-03 04:44 PM

You must log the traffic with Extended Logging to get that information.

You will find it in the Session tab of the Log card:

I presume if we log it, it will also be sent to a SIEM as well, particularly if you're using Log Exporter.

See Log Exporter guide‌ for more details. 

Derek_Davenport
Participant
‎2018-05-07 01:45 PM
In response to PhoneBoy

Thanks Dameon Welch Abernathy‌.  I changed the log type to this in the URL/Application control blade, but I am still not seeing this value in the URL filtering log I am getting.

Does this only work on the Application Control blade?  Was it added in a recent version?  Is there a way to tweak what is logged in "Extended Logging" ?

0 Kudos
PhoneBoy
Admin
Admin
‎2018-05-07 01:58 PM
In response to Derek_Davenport

You must have App Control/URL Filtering enabled for this to work, both on the gateway and, R80+, the relevant layer.

What is logged by Extended Logging is determined by what blades are active on the relevant gateway and layer.

0 Kudos
Derek_Davenport
Participant
‎2018-05-07 02:03 PM
In response to PhoneBoy

Thanks!  I think R80 is my current stumbling block.  We are migrating to R80.10 gateways in the next few weeks...so I'll be able to verify then.   Thanks!!!!!

0 Kudos
PhoneBoy
Admin
Admin
‎2018-05-07 02:04 PM
In response to Derek_Davenport

This should also work in R77.30 as well, though it's in the App Control layer you use Extended Logging.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫