
Drop Logs Analyzer

Hi Team, my name is Marcos and I would like to find the most efficient way to analyze the drops recorded in the CheckPoint logs (SmartLog R77.30). This way I can identify if there are valid communications that need to be allowed in our network or if we may need to contact the source of these drops to stop it from sending packets that are not permitted.

I hope someone can help me with the appropriate tool/knowledge to perform this task.

Something interesting could be to find a way to sort these drops based on source/destination IP address, the number of times they are hitting the firewall...

Thanks for your help in advance.

Best regards,

Marcos M.

Admin

Re: Drop Logs Analyzer

Unfortunately, the amount of detail you get from a Drop log won't necessarily tell you whether it should be permitted or not, as that's a matter of the specific policy your organization has set.

That said, you can easily find all the drops and find "top talkers" and the like in SmartLog.

Use the search term Action:Drop in order to find all the recent dropped and logged packets.

You can then drill into the top sources/destinations as appropriate.

As you click items under the "Tops" tab on the right, your search terms will be adjusted to show only packets that match those criteria.
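
An added example, not part of the reply above and not Check Point code: the same "top talkers" ranking computed offline over drop logs exported to CSV. The column names (Action, Source, Destination, Service) and the sample rows are assumptions constructed for illustration; adjust them to match your actual export.

```python
import csv
import io
from collections import Counter, defaultdict

# Constructed sample export; the column names are assumptions, not a documented SmartLog format.
SAMPLE_CSV = """Action,Source,Destination,Service
Drop,10.1.1.20,10.2.0.5,tcp/1433
Drop,10.1.1.20,10.2.0.5,tcp/1433
Drop,10.1.1.20,10.2.0.5,tcp/1433
Accept,10.1.1.20,10.2.0.9,tcp/443
Drop,192.0.2.77,10.2.0.5,tcp/22
Drop,192.0.2.77,10.2.0.6,tcp/23
Drop,192.0.2.77,10.2.0.7,tcp/3389
Drop,10.1.1.31,10.2.0.5,udp/161
"""


def summarize_drops(handle, top_n=10):
    """Count dropped connections per source, destination and flow."""
    by_source, by_dest, by_flow = Counter(), Counter(), Counter()
    targets = defaultdict(set)  # source -> distinct (destination, service) pairs
    for row in csv.DictReader(handle):
        if row["Action"].strip().lower() != "drop":
            continue  # same filter as the Action:Drop search term
        src = row["Source"].strip()
        dst = row["Destination"].strip()
        svc = row["Service"].strip()
        by_source[src] += 1
        by_dest[dst] += 1
        by_flow[(src, dst, svc)] += 1
        targets[src].add((dst, svc))
    return {
        "top_sources": by_source.most_common(top_n),
        "top_destinations": by_dest.most_common(top_n),
        "top_flows": by_flow.most_common(top_n),
        # One source dropped on many distinct targets reads differently
        # from one flow dropped repeatedly; policy still decides which to allow.
        "distinct_targets": {s: len(t) for s, t in targets.items()},
    }


if __name__ == "__main__":
    report = summarize_drops(io.StringIO(SAMPLE_CSV))
    for section in ("top_sources", "top_destinations", "top_flows"):
        print(section)
        for key, hits in report[section]:
            print(f"  {hits:>5}  {key}")
    print("distinct_targets", report["distinct_targets"])
```

To run it on a real export, pass an open file handle to `summarize_drops` instead of the embedded sample.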