inside Logging and Reporting 6 hours ago
views 2445 5 6

Log Exporter - Splunk Integration Update

Hello Everyone,
We are currently in advanced stages of developing a Log Exporter update that will add CIM support. This will give us better Splunk integration for CIM oriented apps and dashboards (e.g. Splunk Enterprise Security).
We are currently looking for customers who wish to test this new feature (in either their lab or production) and share their feedback with us. I would also really appreciate it if in your email you could also add the following details:
What version of Check Point do you use? And what version of Splunk server?
Is your Splunk environment installed as a single-instance or is it a distributed environment?
Have you already tested out previous releases of the Log Exporter or is this your first use of the add-on?
The new update will also enable the Log Exporter to work in a semi-unified mode. For those who are unfamiliar with this setting, it means that updates are unified with their original log before they are exported. This makes the information in the update log complete and makes the update log itself more readable (in raw mode you had to manually search for the original log to make sense of the update).
Best Regards, Yonatan
apara inside Logging and Reporting 12 hours ago
views 28

Checkpoint VSX log don't filter the origin virtual system name

Checkpoint VSX log doesn't filter the virtual system name origin. If I search for destination and/or source, I see the gateway name on origin, but if I want to use the filter on Origin, I don't find the virtual system.
It's Gaia 80.30.
What could be the problem?
B_P inside Logging and Reporting yesterday
views 282 8

R80.30 Netflow Setup

Pre R80.10 Netflow worked fine.
Now on R80.30 I have two flows that are identical -- but one only shows Outbound and the other only shows Inbound BUT -- and this is perplexing -- it is the exact same traffic for both inbound and outbound flows -- i.e. source and destination are the same.
Yes.. let that simmer for a while.
I have one rule that's configured on the firewall and it's a rule that a lot of web traffic hits on.
I'm using ManageEngine's Netflow Analyzer.
For this traffic, I would expect there should be one flow and it should include both inbound and outbound traffic on the one interface (the internal interface it's hitting).
inside Logging and Reporting Monday
views 4395 3 2

How to exclude the SmartEvent object from the SSL Inspection group

Hello All,
I'm reviewing sk112814, which explains how to overcome the following error: "SmartView server certificate is invalid" error when opening a new tab in the R80 SmartConsole "logs & monitor".
In the solution steps it is said that one should exclude the SmartEvent object from the SSL inspection group, but I haven't found straightforward instructions on how to perform this step online.
Any assistance with screenshots will be much appreciated.
Regards,
Adiel
Kobi Eisenkraft
lajie93 inside Logging and Reporting Sunday
views 108 2

exporting logs from one SMS to another newly created

Greetings,
This is my first post here. I really enjoy the community, whose posts help me to fix some issues that I was facing.
We have a SmartEvent server (SMS A) which stores logs from installed customers' gateways.
We plan to move systems configuration and logs from SMS A to the newly installed SMS B, but my worry is about exporting: can I easily do it?
Marko_Keca inside Logging and Reporting Sunday
views 4065 8 3

Is there a way to share View created by one user with other users?

I have created a custom View and I'm the only admin who can see it.
How can I share it with others?
Also, when I click on Export template, nothing happens.
Thanks in advance!
Regards,
--Marko
quanglnh inside Logging and Reporting Saturday
views 310 11

Checkpoint OPSEC LEA with LogRhythm SIEM

Hi Everyone,
I have a Smart-1 5150 device that manages 90 checkpoint gateways. I want to integrate it with LogRhythm SIEM.
I created a host object for LogRhythm SIEM with its IP.
I created an OPSEC Application for it and also pulled certificates from the Check Point Smart-1 devices.
Now I need to provide the information below on LogRhythm SIEM:
opsec_sic_name "OPSEC_APP_SIC_DN"
lea_server ip IP_ADDRESS
lea_server auth_port 18184
lea_server auth_type sslca
lea_server opsec_entity_sic_name "LOG_SERVER_DN"
opsec_sslca_file "C:\checkpoint_config\opsec.p12"
"OPSEC_APP_SIC_DN" is the DN name in the OPSEC Application, which is "CN=LogRhythm-XM,O=CP-Smart1..ksmkv" in my picture. Is this correct?
"lea_server auth_type" is sslca. Is sslca the only type, or is there any other type?
"LOG_SERVER_DN": I am not sure where to collect this info. I went to the web portal of the Smart-1 device and see the DN in the Certificate Authority tab as below:
Is this the right DN for "LOG_SERVER_DN"? Since the Smart-1 device manages all the other firewalls, the "LOG_SERVER_DN" is the DN of the Smart01 device, right? Because after configuring, I still can't receive any log on LogRhythm SIEM about Check Point OPSEC.
Please help me solve this issue. Thanks!
Raj_Khatri inside Logging and Reporting Friday
views 3673 16 3

How to monitor virtual systems on VSX?

We are running R80 MDS and would like to monitor our VSX clusters that are running R77.20 via Solarwinds using SNMP. Has anyone had any success getting the virtual systems monitored? Even after modifying the snmp mode from "default" to "vs" we are unable to poll the virtual system.
Could API be used to pull the snmp data?
Thanks
Blason_R inside Logging and Reporting a week ago
views 88 3

How do I attach licenses Policy servers?

Hi Team,
I have one EPM server R80.20 and licenses for unlimited Policy Servers. I have attached the central license to the EPM server, and my query is how do I attach licenses to Policy servers, since I have installed 3 Policy servers, which show eval licenses only.
TIA
Blason R
Ethan_Keaton inside Logging and Reporting a week ago
views 101 2

LEA Not Starting

Trying to get an R77.30 CMA & CLM working with LEA. Able to pull cert from the CMA w/o issue but getting the following errors when launching LEA:
store_open: Failed stat: Value too large for defined data type
Failed to open LEA state file
Trying to run LEA in DEBUG mode wasn't too helpful either.
Stuart_Green inside Logging and Reporting a week ago
views 5899 11 7

MUH Identity Awareness Agent on Citrix randomly disconnects

Hi,
Has anyone encountered this issue with the MUH Identity Awareness Agent running on Citrix servers? Initial connection works just fine but then after a few days it just disconnects and stops forwarding identities. Event log on the server says that it is connected but the agent doesn't report that. Screenshot is attached. There doesn't seem to be an sk relating to this so I'm wondering if it is a bug? It's an R80.10 environment running JHF112 and SC Take 056.
TIA,
Stu
Rahul_Borah inside Logging and Reporting a week ago
views 113 3

All Logs not exported

Hi Expert,
In SmartConsole R80.20, I want to export logs to CSV for some period (for example, 1 day).
I have applied the filter for 1 day and exported it to a CSV file.
But the logs of 1 day were not all exported; only a part was exported.
Regards,
Rahul
C_M inside Logging and Reporting a week ago
views 98 3

Web Services API, task-id

How do I use "show-task" on Web Services API?
The documentation, shown below, isn't very helpful:
POST {{server}}/show-task
Content-Type: application/json
X-chkp-sid: {{session}}
{ "task-id" : "2eec70e5-78a8-4bdb-9a76-cfb5601d0bcb" }
The following code provides the task-id, but how do I then use the task-id to see the results of the task?
publish_result = api_call(r, 443, "publish", {}, sid)
print("publish result: " + json.dumps(publish_result))
I would like to feed the task-id from "publish_result" or json.dumps(publish_result) into the task-id api call to then print the progress/result of the task.
Sal_Previtera inside Logging and Reporting a week ago
views 195 4

SMART EVENTS server move to a different hardware version 80.xx and above ?

Can someone at Checkpoint possibly come up with decent documentation on how to move a SMARTEVENT server from server A to Server B, with the understanding that the IP will be kept the same but the HARDWARE may be different?
1. Snapshots will not be any good.....
2. Backup and restore .....useful or not ...probably not...?
3. Migrate Export does not move database file....?
There were somewhat, almost decent documents in R77.xx but can't find anything halfway decent in R80.xx. Please, someone point me in the right direction...
Thanks,
inside Logging and Reporting a week ago
views 112 1

Compliance Blade in R80.20

Environment is R8020. Take 87 JHF. MDS with 34 CMAs and global policy.
Example... When running the best practice scan looking for rules that do not have any type of tracking, the results show back with the parent domain layer rule as being non compliant. Domain rules show as 25.1, .2 etc.
Is there a setting that will have the compliance blade ignore the parent domain layer rule?