Logging and Reporting

Have questions about viewing logs with SmartView, generating reports with SmartEvent Event Management, or exporting logs to a SIEM with Log Exporter? This is where to ask!

Linus_Espach
Linus_Espach inside Logging and Reporting 12 hours ago
views 216 3

Sequence Number in Log does not match per connection

Hi to all, I have a case where a connection passes several firewalls until its final destination. I can see the connection within the log on all 3 (FW) hops. Because it is the same segment, I was expecting the same sequence number within the logs on all 3 FWs. Unfortunately it is not the same number. The sequence number is increasing. Any hints what could be the reason for this? Best regards
Tomas_Hamrle
Tomas_Hamrle inside Logging and Reporting 14 hours ago
views 170 3 1

SmartEvent - deleting of archived pdf reports

Hello, Customer has R80.30 management server (JHA Take 111) and there are about ten pdf SmartEvent reports scheduled and sent via email every day. Right now, there are more than 2000 pdf reports stored on management server. I want to delete the old reports, but I'm able to delete only one by one in SmartConsole, so to delete all reports it would take a lot of time. Is it possible to delete multiple stored pdf SmartEvent reports? Thank you
Yonatan_Philip
inside Logging and Reporting 14 hours ago
views 76936 119 48
Employee+

Log Exporter guide

Hello All, We have recently released the Log Exporter solution. A few posts have already gone up and the full documentation can be found at sk122323. However, I've received a few questions both on and offline and decided to create a sort of log exporter guide. But before I begin I’d like to point out that I’m not a Checkpoint spokesperson, nor is this an official Checkpoint thread. I was part of the Log Exporter team and am creating this post as a public service. I’ll try to only focus on the current release, and please remember anything I might say regarding future releases is not binding or guaranteed. Partly because I’m not the one who makes those decisions, and partly because priorities will shift based on customer feedback, resource limitations and a dozen other factors. The current plans and the current roadmap are likely to drastically change over time. And just for the fun of it, I’ll mostly use the question-answer format in this post (simply because I like it and it’s convenient).
Log Exporter – what is it?
Performance
Filters
Filters: Example 1
Filters: Example 2
Gosh darn it, I forgot something! (I'll edit and fill this in later)
Feature request
Julie_Paul
inside Logging and Reporting yesterday
views 4030 11 2
Employee+

Limited Permission Profile

Can I set up a read-only user with a profile that only allows him to read logs and view his policy only? This is on an SMS, not an MDM. The purpose is to allow a limited admin the ability to be restricted to just what they control or have a business need to see. They do not see all the policies or logs, just their own at their remote location.
ITler
ITler inside Logging and Reporting yesterday
views 89 1

Log entries for gateway connection status

Hi, I'm looking for a method to log the connection status of the security gateways that are connected / not connected to the management server. At the moment I don't get any message or log entry when a gateway is disconnected. The thresholds in the smartview monitor are set and the system alert daemon is active, but I think it isn't working. So what is the best practice? Thx in advance, Robert
Support_Team_Bi
Support_Team_Bi inside Logging and Reporting Monday
views 125 3 1

Do system utilization logs of Check Point Firewall collect in the Management?

Do system utilization logs of Check Point Firewall collect in the Management? Or does the Management pull the "System utilization" from the firewalls to show via Gateway monitor window?
Runan_Chaung
Runan_Chaung inside Logging and Reporting Monday
views 868 14 1

Traffic calculations question

Environment: R80.20 on HP Server Gen10, bridge mode
I have some questions about traffic log and calculations.
1. When Application Name is "Unknown Traffic", traffic log displays wrong
2. And I found some logs display nothing about traffic
3. I use view or report to calculate traffic, cannot calculate by destination IP address
log:
view:
How could I change my configuration and make it right?
Bill_Ng
Bill_Ng inside Logging and Reporting Monday
views 487 2 1

Disk Space Management

Anyone know of a reason why the Disk Space Management of the management server may not be working? We have the following settings on our management and I would expect it to self clean, so to speak, after reaching the threshold. Running a df -h reports 87% usage on vg_splat-lv log. Thanks in advance, Bill
B_P
B_P inside Logging and Reporting Monday
views 668 15

R80.30 Netflow Setup

Pre R80.10 Netflow worked fine. Now on R80.30 I have two flows that are identical -- but one only shows Outbound and the other only shows Inbound BUT -- and this is perplexing -- it is the exact same traffic for both inbound and outbound flows -- i.e. source and destination are the same. Yes.. let that simmer for a while. I have one rule that's configured on the firewall and it's a rule that a lot of web traffic hits on. I'm using ManageEngine's Netflow Analyzer. For this traffic, I would expect there should be one flow and it should include both inbound and outbound traffic on the one interface (the internal interface it's hitting).
Chinmaya_Naik
Chinmaya_Naik inside Logging and Reporting Sunday
views 140 1 1

Forescout NAC Integration with checkpoint EDR (Endpoint)

Hi Team, As per my old query, which is about integration with Checkpoint Management Server, which gives us the Firewall Threat Prevention detection and remediation information on ForeScout.
Link: https://community.checkpoint.com/t5/Logging-and-Reporting/Forescout-Integration-with-checkpoint-management-Server/m-p/66240#M3938
Now my requirement is to see the information on ForeScout of all the Endpoint Clients which are installed in our infra. Information needs to be visible on ForeScout, such as:
1. Endpoint Client Version
2. Checkpoint Endpoint Services
3. Encryption Status of all connected clients
4. Antimalware Updates
As of now we are able to achieve points first, second and third.
CP Endpoint Version Information
screenshot 02
We try to add the Checkpoint EDR on ForeScout antivirus policy but are unable to see the Checkpoint vendor name, but we are able to see the Checkpoint vendor in the encryption section of the ForeScout policy, and after adding Checkpoint to the encryption policy (ForeScout) we are able to see the encryption status. (Above Screenshot 02). But as I checked with the ForeScout team, I found that a custom policy needs to be created on ForeScout for Antimalware visibility in order to posture the Checkpoint Antimalware updates, but ForeScout requires a DAT file from the Checkpoint Endpoint Agent. But I am unable to find which DAT file is required; also, that file must store the Anti-Malware Signature version information (in Checkpoint Endpoint). Basically, other third-party vendors have a DAT file on each of the machines and that DAT file will usually update once a new signature is fetched by the client from the Server. Kindly help with whether it's possible to see on ForeScout whether the Checkpoint Antimalware Signature is up-to-date or not, because the NAC agent has the functionality to move the machine to an isolated network if the Endpoint machine antimalware or antivirus signature is not up to date, and this functionality is very important for most organizations.
Thanks and Regards, @Chinmaya_Naik

R80.30 Management : Empty action in custom report

Hello All, I have upgraded Management by changing from appliance R77.30 to open server R80.30. Migrate export is done (Gateway is R77.30 12600). Then I moved logs from R77.30 to R80.30 and set index in R80.30 to 365 days. I have some questions about the report that I generated. 1. In the action count of the firewall blade on the custom report view, there is an empty action shown in the table. What is the empty action? Please explain it.

Unable to get audit logs from Checkpoint R80.10

Hi Team, I am a SIEM engineer and want to integrate Checkpoint firewall R80.10 version with ArcSight SIEM. We have used the Syslog exporter module in order to receive logs through syslog. Currently we are receiving Traffic logs. Please somebody help me with the exact configurations to be done at the firewall end in order to receive audit logs along with traffic logs. Regards, Mitesh Agrawal
Young_Wook_Choi
Young_Wook_Choi inside Logging and Reporting Friday
views 13813 23 4

[Issue] R80.10 SmartConsole: Export Logs to CSV

Hi, In SmartConsole, I want to export logs to CSV for some period. (For example, 30 days) I applied the filter (30 days) and exported it to a CSV file. However, the log of 30 days was not exported and only a part was exported.
Michael_Horne
Michael_Horne inside Logging and Reporting Wednesday
views 322 4

Traffic dropped with message information: "Rulebase Internal Error"

Hello, We are having some traffic that is being dropped with the message information: "Rulebase Internal Error". As of yet I have not found any information related to what this message means and how it can be remedied. Normally this traffic should be allowed, but because of the issue, it appears the traffic is being dropped. Does anyone have any information that might help in resolving this or might aid the investigation? Many thanks, Michael
marcherren
marcherren inside Logging and Reporting a week ago
views 209 3

How to get the total number of hits of a query in Smartview?

How can I get the total number of hits of a given query in a given timeframe in Smartview? I need the total number to perform some tuning/behavior analysis. Currently I'm using fw log | <grep> | wc -l, but this is very very very slow......