Rabindra_Khadka
Contributor

Where are the IPS packet captures and logs stored on the management server in a distributed environment?

Hello @PhoneBoy

We have a distributed environment and all the logs from the firewall are forwarded to the management server. We want to know where the IPS logs and packet captures are stored on the Management Server.

What is the path for IPS logs and packet captures on the Management Server?

Thanks 

0 Kudos
6 Replies
Wolfgang
Authority

Have a look at "What is the Location of IPS Packet Capture File" for the location of packet captures.

There is no extra log file location for IPS logs. IPS logs are shown with all other logs in the logview of SmartConsole.

Wolfgang

0 Kudos
Timothy_Hall
Champion

I don't think "sk120773: What is the Location of IPS Packet Capture File" is correct. Starting in R80.10, gateway IPS packet captures are sent to the gateway's log server and do not remain stored on the gateway like they did in R77.30 and earlier. In R80.10 they were stored as EMLs with a pcap inside, but at some point in a later version they just get stored as straight pcaps on the log server. See this whole thread:

https://community.checkpoint.com/t5/IPS-Anti-Virus-Anti-Bot-Anti/IPS-packet-capture/td-p/7552

sk120773 needs to be clarified. Paging @PhoneBoy...

0 Kudos
Wolfgang
Authority

@Timothy_Hall 

You're correct, the sk is wrong for R80.xx.

I did not check the content of this sk article; I only wrote a reference in my post 😟

Lesson learned, I have to read all before I write.

Wolfgang

0 Kudos
PhoneBoy
Admin

@TP_Master can you help point to the right location for IPS pcaps?

0 Kudos
Rabindra_Khadka
Contributor

Hello @TP_Master

Please help! The Management is R80.20 version in a distributed environment. We want to find the exact path where the IPS packet captures or logs are stored on the Management Server, and please explain whether it is a single IPS log or includes all the threat prevention logs.

Thank You

0 Kudos
nogae
Employee

Hi,

All packet capture files for New Anti Virus / Anti Malware / IPS / Threat Emulation can be found here: $FWDIR/log/blob (domain level).


Noga

 
