cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post
DPB_Point
Nickel

Logging policy rules usage

HI,

I am trying to do a report which has the source, destination, service, action and rule ID as fields. I am having problems when I try to find the rule Id as a field because I only have these posibilities:

Anyone know how to add the field of rule ID? What I am doing is a table inside the report. I know that I can do a filter of the logs tab directly exporting it to a CSV and then filtering the data but my goal is to automatize log reporting so that only serves me in a short period of time.

Furthermore, I consider that the field should be named as the field in logs , access rule number.

Thanks for your attention.

6 Replies
Highlighted
Jerry
Gold

Re: Logging policy rules usage

I might be mistaken but I haven't seen such option in R80.10 so far. the only way of doing it imho is by using either 3rd party tools like Skybox, Firemon or Tufin, or even Splunk (they may work with new API though) or ask CP R&D if that field is actually "reportable" by SmartReport with a little help of SmartLog Smiley Happy Sorry if I have misleaded you by this but as far as Im aware that field does not exist in a standard reporting capabilities or R80.10. Has R80.20 changed this folks?

Jerry
0 Kudos

Re: Logging policy rules usage

The show-package HTML reporter contains hit count. https://community.checkpoint.com/docs/DOC-1974 

0 Kudos
DPB_Point
Nickel

Re: Logging policy rules usage

The matter is that I want to schedule reports and send them by email or export them to a excel in a automatic way. So I need to do it by creating a new report. So do you think that there isnt any way for entering the rule ID field into your report table?

0 Kudos
Employee+
Employee+

Re: Logging policy rules usage

Hi,

It is possible to show the rule uid with some simple XML editing.

 - Create a table with all the fields that you want, and another "placeholder" field.

 - Export the report template.

 - Edit the template .cpr file, search and replace "placeholder" field with rule_uid:

<column>

    <fieldName><![CDATA[rule_uid]]></fieldName> 

 - Import the template file from the SmartView catalog.

The reason it is not shown in the picker is due to overlapping with hitcount rule_uid field.

We will work to fix it in some future version.

Re: Logging policy rules usage

daniel prestes Just a question - once you have this report, what answers will you try to get from it? Because we might have other tools that do this thing you are looking for.

0 Kudos
DPB_Point
Nickel

Re: Logging policy rules usage

Hi tomer,

We want to know to get the logs of a desired rule with the target of viewing if we can granularize more the rules and giving a better service to our customer on the loggings field.

0 Kudos