Logging and Reporting

Have questions about viewing logs with SmartView, generating reports with SmartEvent Event Management, or exporting logs to a SIEM with Log Exporter? This is where to ask!

Michael_Horne inside Logging and Reporting 2 hours ago
views 7

Cluster high availability with more than two gateways

Hello, Can someone confirm if it is possible to have a high availability cluster with 3 gateways acting in an Active / Passive / Passive set-up? This kind of set-up may sound a bit strange, so I will explain the design challenge. Maybe someone else has a design for this specific set-up. We have a virtual data center made up of two physical locations in different cities. Currently we have a HA cluster with a security gateway in each location. The data center is active / passive, with all the active machines in one of the physical locations. When the active security gateway is in the passive data center location, the inter-VLAN latency increases from <1 ms to 6 ms and this causes some application issues. We can make sure that when the security gateway in the active data center location is available, it is the active security gateway of the cluster. There is a concern that if the security gateway in the active data center location is down for a long time, this will cause issues. The question was raised about having two firewalls in the active data center location and a third firewall in the passive data center location. The idea would be to have a fail over in the active data center location to the second firewall and only fail over to the third security gateway in the passive data center location if both firewalls in the active data center location are unavailable. Many thanks, Michael
FM inside Logging and Reporting yesterday
views 55 2

Where do I locate exported excel file in https://host.domain.com/smartview/?

Where do I locate the excel file I exported in host.domain.com/smartview/? I saw the download dialogue pop-up on the status bar but it disappeared as my session expired, and I had to re-login. Thank you, Faisal
Linus_Espach inside Logging and Reporting Wednesday
views 227 3

Sequence Number in Log does not match per connection

Hi 2 All, I have a case where a connection passes several firewalls until its final destination. I can see the connection within the log on all 3 (FW) hops. Because it is the same segment, I was expecting the same sequence number within the logs on all 3 FWs. Unfortunately it is not the same number. The sequence number is increasing. Any hints what could be the reason for this? Best regards
Tomas_Hamrle inside Logging and Reporting Wednesday
views 209 3 1

SmartEvent - deleting of archived pdf reports

Hello, Customer has R80.30 management server (JHA Take 111) and there are about ten pdf SmartEvent reports scheduled and sent via email every day. Right now, there are more than 2000 pdf reports stored on management server. I want to delete the old reports, but I'm able to delete only one by one in SmartConsole, so to delete all reports it would take a lot of time. Is it possible to delete multiple stored pdf SmartEvent reports? Thank you
Yonatan_Philip
inside Logging and Reporting Wednesday
views 77010 119 48
Employee+

Log Exporter guide

Hello All, We have recently released the Log Exporter solution. A few posts have already gone up and the full documentation can be found at sk122323. However, I've received a few questions both on and offline and decided to create a sort of log exporter guide. But before I begin I’d like to point out that I’m not a Checkpoint spokesperson, nor is this an official checkpoint thread. I was part of the Log Exporter team and am creating this post as a public service. I’ll try to only focus on the current release, and please remember anything I might say regarding future releases is not binding or guaranteed. Partly because I’m not the one who makes those decisions, and partly because priorities will shift based on customer feedback, resource limitations and a dozen other factors. The current plans and the current roadmap are likely to drastically change over time. And just for the fun of it, I’ll mostly use the question-answer format in this post (simply because I like it and it’s convenient).
Log Exporter – what is it?
Performance
Filters
Filters: Example 1
Filters: Example 2
Gosh darn it, I forgot something! (I'll edit and fill this in later)
Feature request
Julie_Paul
inside Logging and Reporting Tuesday
views 4041 11 2
Employee+

Limited Permission Profile

Can I set up a read only user with a profile that only allows him to read logs and view his policy only? This is on an SMS not an MDM. The purpose is to allow a limited admin the ability to be restricted to just what they control or have a business need to see. They do not see all the policies or logs, just their own at their remote location.
ITler inside Logging and Reporting Tuesday
views 130 1

Log entries for gateway connection status

Hi, I'm looking for a method to log the connection status of the security gateways that are connected / not connected to the management server. At the moment I don't get any message or log entry when a gateway is disconnected. The thresholds in the SmartView Monitor are set and the system alert daemon is active, but I think it isn't working. So what is the best practice? Thx in advance, Robert
Support_Team_Bi inside Logging and Reporting Monday
views 170 3 1

Do system utilization logs of Check Point Firewall collect in the Management?

Do system utilization logs of Check Point Firewall collect in the Management? Or does the Management pull the "System utilization" from the firewalls to show via the Gateway monitor window?
Runan_Chaung inside Logging and Reporting Monday
views 902 14 1

Traffic calculations question

Environment: R80.20 on HP Server Gen10, bridge mode. I have some questions about traffic logs and calculations.
1. When Application Name is "Unknown Traffic", the traffic log displays wrong.
2. And I found some logs display nothing about traffic.
3. I use a view or report to calculate traffic, but cannot calculate by destination IP address.
log: view:
How could I change my configuration and make it right?
Bill_Ng inside Logging and Reporting Monday
views 495 2 1

Disk Space Management

Anyone know of a reason why the Disk Space Management of the management server may not be working? We have the following settings on our management and I would expect it to self clean so to speak after reaching the threshold. Running a df -h reports 87% usage on vg_splat-lv log. Thanks in advance, Bill
B_P inside Logging and Reporting Monday
views 676 15

R80.30 Netflow Setup

Pre R80.10 Netflow worked fine. Now on R80.30 I have two flows that are identical -- but one only shows Outbound and the other only shows Inbound BUT -- and this is perplexing -- it is the exact same traffic for both inbound and outbound flows -- i.e. source and destination are the same. Yes.. let that simmer for a while. I have one rule that's configured on the firewall and it's a rule that a lot of web traffic hits on. I'm using ManageEngine's Netflow Analyzer. For this traffic, I would expect there should be one flow and it should include both inbound and outbound traffic on the one interface (the internal interface it's hitting).
Chinmaya_Naik inside Logging and Reporting Sunday
views 176 1 1

Forescout NAC Integration with checkpoint EDR (Endpoint)

Hi Team, As of my old query, which is about integration with the Checkpoint Management Server, which gives us the Firewall Threat Prevention detection and remediation information on ForeScout.
Link: https://community.checkpoint.com/t5/Logging-and-Reporting/Forescout-Integration-with-checkpoint-management-Server/m-p/66240#M3938
Now my requirement is to see the information on ForeScout of all the Endpoint Clients which are installed in our infra. Information needs to be visible on ForeScout such as:
1. Endpoint Client Version
2. Checkpoint Endpoint Services
3. Encryption Status of all connected clients
4. Antimalware Updates
As of now we are able to achieve points first, second and third.
CP Endpoint Version Information
Screenshot 02
We tried to add the Checkpoint EDR on the ForeScout antivirus policy but are unable to see the Checkpoint vendor name, but we are able to see the Checkpoint vendor on the encryption section of the ForeScout policy, and after adding Checkpoint to the encryption policy (ForeScout) we are able to see the encryption status. (Above Screenshot 02). But as I checked with the ForeScout team, I found that a custom policy needs to be created on ForeScout for Antimalware visibility in order to posture the Checkpoint Antimalware updates, but ForeScout requires a DAT file from the Checkpoint Endpoint Agent. But I am unable to find which DAT file is required; also that file must store the Anti-Malware Signature version information (in Checkpoint Endpoint). Basically, other third-party vendors have a DAT file on each of the machines and that DAT file will usually update once a new signature is fetched by the client from the Server. Kindly help whether it's possible to see on ForeScout whether the Checkpoint Antimalware Signature is up-to-date or not, because the NAC agent has the functionality to move the machine to an isolated network if the Endpoint machine antimalware or antivirus signature is not up to date, and this functionality is very important for most organizations.
Thanks and Regards, @Chinmaya_Naik

R80.30 Management : Empty action in custom report

Hello All, I have upgraded Management by changing from appliance R77.30 to open server R80.30. Migrate export is done (Gateway is R77.30 12600). Then I moved logs from R77.30 to R80.30 and set index in R80.30 to 365 days. I have some questions about the report that I generated. 1. In the action count of the firewall blade on the custom report view, there is an empty action shown in the table. What is the empty action? Please explain it.

Unable to get audit logs from Checkpoint R80.10

Hi Team, I am a SIEM engineer and want to integrate Checkpoint firewall R80.10 version with ArcSight SIEM. We have used Syslog exporter module in order to receive logs through syslog. Currently we are receiving Traffic logs. Please somebody help me with the exact configurations to be done at the firewall end in order to receive audit logs along with traffic logs. Regards, Mitesh Agrawal
Young_Wook_Choi inside Logging and Reporting Friday
views 13835 23 4

[Issue] R80.10 SmartConsole: Export Logs to CSV

Hi, In SmartConsole, I want to export logs to CSV for some period. (For example, 30 days) I applied the filter (30 days) and exported it to a CSV file. However, the log of 30 days was not exported and only a part was exported.