Di_Junior
Advisor

Software Blades and Logs questions

Dear Mates, I have a few questions that I need help with:

1. Is there any way to find out all the software blades that have ever been activated and used in a Check Point solution, even if they are no longer in use?

2. Is it possible for the "admin" user to delete logs in SmartView Tracker in the Management tab?

3. Is there any way to recover the "messages" file in /var/log/messages if it has been deleted? By recovering I mean with the old logs in there.

4. Is it possible to view all the commands run in "Expert" mode after exiting the mode and re-entering again?

Your help will be appreciated.

Thanks in advance. 

0 Kudos
10 Replies
PhoneBoy
Admin

1. Audit Logs in SmartConsole. For example, in this case, I activated Mobile Access Blade.

2. Yes. In addition, log files can also be deleted in Expert Mode.

 

3. If /var/log/messages is deleted (which it does get rotated periodically), there is no recovery. You should be backing this up or configuring Gaia OS to send syslog messages to an external syslog server.

4. By default, we do not log commands executed in expert mode. There are ways built into bash that will allow you to send commands executed to syslog, for example: logging - How to log all Bash commands by all users on a server? - Ask Ubuntu  

Di_Junior
Advisor

Thank you very much Dameon Welch Abernathy

0 Kudos
Marco_Valenti
Advisor

You can have an overview of the enabled blades from the gateway with the command enabled_blades or cpview.

0 Kudos
Di_Junior
Advisor

Hi Dameon Welch Abernathy, we are experiencing something strange in our environment: the contents of the file /var/log/messages are changing and we cannot see the previous logs. Is this normal? Is there any configuration that can be done to cause this?

0 Kudos
PhoneBoy
Admin

The script /etc/cron.daily/logrotate is called daily, generally at midnight.

It calls the logrotate binary, which is configured with /etc/logrotate.conf.

In the default configuration:

  1. Logs are rotated weekly
  2. We keep four weeks of backlogs

This, of course, can be changed.

0 Kudos
Di_Junior
Advisor

Is it possible to see the logs from four weeks ago? In which file can they be retrieved?

0 Kudos
Di_Junior
Advisor

This is our configuration, and it looks like it rotates every 4 weeks, but we want to find where the backlogs are stored after that. There are some strange changes that were made on our systems recently, and we can't find it. Your help will be appreciated.

0 Kudos
PhoneBoy
Admin

They are deleted after the fourth week, not stored anywhere.

0 Kudos
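
The retention window discussed in the replies above can be read straight from the logrotate configuration. The following shell sketch is an added example, not part of the thread and not Check Point code: it reports the rotation period, number of kept copies and approximate days of history for one log, and lists the rotated copies that still exist. The function names are hypothetical, the sample config is constructed to mirror the defaults stated above, and numbered suffixes (`messages.1`, optionally `.gz`) are assumed.

```shell
# Added example, not Check Point code. Simplified logrotate.conf reader: global directives
# plus the stanza naming the target log. Assumes paths share a line with "{"; skips "include".

# retention_window CONF LOGPATH -> prints "<period> <copies> <approx days>"
retention_window() {
    awk -v target="$2" '
        function days(p) {
            if (p == "daily") return 1
            if (p == "weekly") return 7
            if (p == "monthly") return 30          # approximation
            return (p == "yearly") ? 365 : 0
        }
        { sub(/#.*/, "") }                         # drop comments
        /[{]/ {                                    # stanza opens
            in_block = 1; match_block = 0
            line = $0; sub(/[{].*/, "", line)
            n = split(line, paths, " ")
            for (i = 1; i <= n; i++) if (paths[i] == target) match_block = 1
            next
        }
        /[}]/ { in_block = 0; match_block = 0; next }
        in_block && !match_block { next }          # stanza for another log
        $1 ~ /^(daily|weekly|monthly|yearly)$/ { if (in_block) lp = $1; else gp = $1 }
        $1 == "rotate" { if (in_block) lc = $2; else gc = $2 }
        END {
            period = (lp != "") ? lp : gp          # stanza overrides global
            count = (lc != "") ? lc : gc
            print period, count, days(period) * count
        }
    ' "$1"
}

# rotated_files LOGPATH COPIES -> prints rotated copies that exist, newest first
rotated_files() {
    i=1
    while [ "$i" -le "$2" ]; do
        for f in "$1.$i" "$1.$i.gz"; do
            if [ -e "$f" ]; then printf '%s\n' "$f"; fi
        done
        i=$((i + 1))
    done
}

# Demo on a constructed config (weekly, rotate 4, one unrelated stanza)
conf=$(mktemp)
printf 'weekly\nrotate 4\n/var/log/wtmp {\n    monthly\n    rotate 1\n}\n' > "$conf"
set -- $(retention_window "$conf" /var/log/messages)
echo "/var/log/messages: rotated $1, $2 copies kept, about $3 days reachable"
rotated_files /var/log/messages "$2"; rm -f "$conf"
```

Anything older than the reported window exists only if it was backed up or forwarded to an external syslog server, as suggested earlier in the thread.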
PhoneBoy
Admin

If you suspect foul play, it might be worth giving our Incident Response team a call.

Incident Response | Check Point Software 

0 Kudos
Di_Junior
Advisor

Thanks for your help.

0 Kudos
