Showing results for 
Search instead for 
Did you mean: 
Create a Post
inside Logging and Reporting 7 hours ago
views 4376 3 2

How to exclude the SmartEvent object from the SSL Inspection group

Hello All,I'm reviewing sk112814 which explains how to overcome the the following error."SmartView server certificate is invalid" error when opening a new tab in the R80 SmartConsole "logs & monitor" In the solution steps it is said that one should exclude the SmartEvent object from the SSL inspection group, but I haven't found straight forward instructions on how to perform this step online.Any assist with screen shots will be much appreciated.Regards,AdielKobi Eisenkraft‌ 
lajie93 inside Logging and Reporting yesterday
views 72 2

exporting logs from one SMS to another newly created

Greetings,This is my first post here. I really enjoy the community, which posts help me to fix some issues that i was facing.we have a smartevent server  (SMS A) which store logs from installed customers gateways.we project to move systems configuration and logs from the SMS A to the newly installed SMS B but my worry is about exporting can i easily realized it?
Marko_Keca inside Logging and Reporting yesterday
views 4007 8 3

Is there a way to share View created by one user with other users?

I have created custom View and I'm the only admin who can see it.How can I share it with others?Also when I click on Export template, nothing happens.Thanks in advance!Regards,--Marko
quanglnh inside Logging and Reporting Saturday
views 224 11

Checkpoint OPSEC LEA with LogRhythm SIEM

Hi Everyone, I have a Smart-1 5150 device that manage 90 checkpoint gateway. I want to integrated it with LogRhythm SIEM.I was create a host object for LogRhythm SIEM with it IP.I was create a OPSEC Application for it and also pull certificates from Check Point Smart-1 devices.Now i need to provide the information below on LogRhythm SIEM :opsec_sic_name "OPSEC_APP_SIC_DN"lea_server ip IP_ADDRESSlea_server auth_port 18184lea_server auth_type sslcalea_server opsec_entity_sic_name "LOG_SERVER_DN"opsec_sslca_file "C:\checkpoint_config\opsec.p12" "OPSEC_APP_SIC_DN" is the DN name in OPSEC Application which is "CN=LogRhythm-XM,O=CP-Smart1..ksmkv" in my picture. Is this corect ?"lea_server auth_type" is sslca. Is this only 1 type is sslca or any orther type ?"LOG_SERVER_DN" i not sure where to collect this infor ? i going to the web portal of Smart-1 device and see the DN in Certificate Authority tab as below :is this the right DN for "LOG_SERVER_DN". Since Smart-1 devices í manage all orther firewall, the "LOG_SERVER_DN" is the DN of Smart01 device, right ? Cause after configure, i still can't receive any log on LogRhythm SIEM about Check Point OPSEC. Please help me solve this issue. Thanks!
Raj_Khatri inside Logging and Reporting Friday
views 3603 16 2

How to monitor virtual systems on VSX?

We are running R80 MDS and would like to monitor our VSX clusters that are running R77.20 via Solarwinds using SNMP.  Has anyone had any success getting the virtual systems monitored?  Even after modifying the snmp mode from "default" to "vs" we are unable to poll the virtual system.Could API be used to pull the snmp data?Thanks
Blason_R inside Logging and Reporting Wednesday
views 75 3

How do I attach licenses Policy servers?

Hi Team,I have one EPM server R80.20 and licenses for unlimited Policy Servers. I have attached the central license to EPM server and my query is how do I attach licenses to Policy servers since I have installed 3 Policy servers. Which shows eval licenses only.TIABlason R
Ethan_Keaton inside Logging and Reporting Wednesday
views 93 2

LEA Not Starting

Trying to get an R77.30 CMA & CLM working with LEA. Able to pull cert from the CMA w/o issue put getting following errors when launching LEA:store_open: Failed stat: Value too large for defined data typeFailed to open LEA state fileTrying running LEA in DEBUG mode wasn't too helpful either. 
Stuart_Green inside Logging and Reporting Tuesday
views 5856 11 7

MUH Identity Awareness Agent on Citrix randomly disconnects

Hi,Has anyone encountered this issue with the MUH Identity Awareness Agent running on Citrix servers?  Initial connection works just fine but then after a few days it just disconnects and stops forwarding identities.  Event log on the server says that it is connected but the agent doesn't report that.  Screenshot is attached.  There doesn't seem to be an sk relating to this so I'm wondering if it is a bug?  It's an R80.10 environment running JHF112 and SC Take 056.TIA,Stu
Rahul_Borah inside Logging and Reporting Monday
views 110 3

All Logs not exported

Hi Expert, In SmartConsole R80.20, I want to export logs to CSV for some period. (For example, 1 day)I have applied the filter for 1 days and export it to a CSV file.But the logs of 1 day was not exported and only a part was exported.Regards,Rahul
C_M inside Logging and Reporting a week ago
views 94 3

Web Services API, task-id

How do I use "show-task" on Web Services API?The documentation, shown below, isn't very helpful:POST {{server}}/show-task Content-Type: application/json X-chkp-sid: {{session}} { "task-id" : "2eec70e5-78a8-4bdb-9a76-cfb5601d0bcb" }The following code provides the task-id, but how do I then use the task-id to see the results of the task?publish_result = api_call(r, 443,"publish", {},sid)print("publish result: " + json.dumps(publish_result))  I would like to feed the task-id from "publish_result" or json-dumps(publish_result) into the task-id api call to then print the progress/result of the task.  
Sal_Previtera inside Logging and Reporting a week ago
views 188 4

SMART EVENTS server move to a different hardware version 80.xx and above ?

Can someone at Checkpoint possibly , come up with a decent documentation on how to move a SMARTEVENT server from server A to Server B, with the understanding that the IP will be kept the same but the HARDWARE may be different ? 1. Snapshots will not be any good.....2. Backup and restore .....useful or not ...probably not...?3. Migrate Export does not move database file....? There were somewhat,  almost decent documents in R77.xx but cant find anything halfway decent in R80.xx. Please,  someone point me in the right direction... Thanks,  
inside Logging and Reporting a week ago
views 101 1

Compliance BLade in R80.20

Environment is R8020. Take 87 JHF. MDS with 34 CMAs and global policy Example... When running the best practice scan looking for rules that do not have any type of tracking, the results show back with the parent domain layer rule as being non compliant domain rules show as 25.1, .2 etc. Is there a setting that will have the compliance blade ignore the parent domain later rule?
HeikoAnkenbrand inside Logging and Reporting a week ago
views 120521 51 47

R80.10 Syslog Exporter

Via Check Point Support you get a Syslog exporter for SIEM applications for R80.10 Managment. Which allows an easy and secure method for exporting CP logs over syslog. Exporting can be done in few standard protocols and formats. Log Exporter supports: Splunk Arcsight RSA LogRhythm QRadar McAfee Log Exporter is a multi-threaded daemon service, running on a log server. Each log that is written on the log server is read by the log exporter daemon, transformed into the desired format and mapping, and then sent to the end target.   Installation on R80.10 Jumbo Hotfix Take 56 or higher.   Syntax: # cp_log_export add name <name> [domain-server <domain-server>] target-server <target-server> target-port <target-port> protocol <(udp|tcp)> [optional arguments]   Command Name Command Description add Deploy a new Check Point logs exporter. set Updates an exporter's configuration. delete Removes an exporter. show Prints an exporter's current configuration. status Shows an exporter's overview status. start Starts an exporter process stop Stops an exporter process. restart Restarts an exporter process. reexport Resets the current position, and re-exports all logs per the configuration.   Regards, Heiko
Di_Junior inside Logging and Reporting 2 weeks ago
views 137 5

Custom Reports on Critical Attacks

Dear Mates I need your help. I must present a report on my top management that shows the total number of critical attacks, and another one with the names of each attack. For Example: 30 critical attacks prevented, then the name of the attacksAny idea on how I can accomplish this. Thanks in advance
Ants inside Logging and Reporting 2 weeks ago
views 93 1

VPN User reports - help needed with outputs

Hi All,So I have  VPN reports scheduled in R80.10 running and outputs VPN user activity for the previous day.Report itself is simple in that it logs the following criteriaTime, Origin, Action, source, User, Client Name, ReasonMain goal for this is to view user login / logout times if needed..So this works fine.. but I need to understand the difference between a 'session timeout' and 'user has signed off' - itself not an issue.. but it is sometimes logged against different actions which is a bit confusing..see example below for user 'asmith'  - can anyone help me understand the difference inaction = 'update' with reason 'user has signed off'vsaction = 'log out' with reason 'Session timeout'I would expect these reasons to be the other way round..Any ideasthanks in adv Sep 2, 2019 10:59:59 ( Smith (asmith) Session timeoutSep 2, 2019 11:08:41 PMFW01Log ( Smith (asmith) Session timeoutSep 2, 2019 11:08:41 ( Smith (asmith) Session timeoutSep 2, 2019 3:05:35 PMFW01Log ( Smith (asmith)Endpoint Security VPN Sep 2, 2019 3:08:42 PMFW01Log ( Smith (asmith)Endpoint Security VPN Sep 2, 2019 3:50:14 PMFW01Log ( Smith (asmith)Endpoint Security VPN Sep 2, 2019 3:59:59 ( Smith (asmith) User has signed offSep 2, 2019 3:59:59 ( Smith (asmith) Session timeoutSep 2, 2019 4:48:15 PMFW01Log ( Smith (asmith) User has signed offSep 2, 2019 4:49:13 ( Smith (asmith) User has signed offSep 2, 2019 4:59:59 ( Smith (asmith) Session timeoutSep 2, 2019 5:59:59 ( Smith (asmith) Session timeoutSep 2, 2019 6:59:59 ( Smith (asmith) Session timeoutSep 2, 2019 7:59:59 ( Smith (asmith) Session timeoutSep 2, 2019 8:59:59 ( Smith (asmith) Session timeoutSep 2, 2019 9:59:59 ( Smith (asmith) Session timeout