cancel
Showing results for 
Search instead for 
Did you mean: 
Post a Question
Dan_Zada
inside Logging and Reporting 5m ago
views 457 9 4
Employee+

Log Exporter Filtering

Hello all,I'm happy to inform you that we added a new feature to the log exporter - the ability to filter logs.Starting today, you will be able to configure which logs will exported, based on fields and values, including complex statements.More information, including basic and advanced filtering instructions, can be found in SK122323.If you have any question or comment, let me know.Thanks!Dan.
Scott_Paisley
Scott_Paisley inside Logging and Reporting 13 hours ago
views 16

Searching logs via description field

We enabled blocking traffic coming from known malicious IP addresses on our R77.30 gateways following sk103154which saysTo monitor the blocked IP addresses:In SmartView Tracker, search for "SecureXL message: Quota violation".That worked when the Tracker was R77, but in R80.20 when I search for that string I get zero results.Anyone else got it working?
Sergei_M
Sergei_M inside Logging and Reporting yesterday
views 24

Log Exporter Reexport

For the purpose of restoration of logs after accidents we tried to apply command cp_log_export reexport. In practice unloading of logs was executed in the period of last 4 hours that did not suit us. Whether there is an opportunity to unload the logs fora longer period? How to make it?
sajin
sajin inside Logging and Reporting Monday
views 183 4

Smart Event not showing Accepted Log

Smart Event not showing Accepted and the Clean up rule is ANY ANY ALLOW. In the Event when i select the policy package in the filter, the ACCEPT logs shows 0. I changed the Log to Detailed and Extended and after the Accept log was available but when expanding the logs again it shows only DETECT logs.Please any one help on this issue.

CheckPoint SmartView Browser R80.30 Automatic text translation!

Hello.I noticed that General Overview is automatically translated into Russian after a certain period of time. How is this possible? R80.30, OS Win 7
Ugur_Urel
Ugur_Urel inside Logging and Reporting Saturday
views 136 2

User web activity application detection

Hi all,In the "Application and URL Filtering" report of the Smart Event, in the "high bandwidth user" view, for some users we see applications like "HTTP/2 over TLS" and "SSL Protocol". Beside these applications we can also see applications like youtube, facebook etc. (I have attached a picture from an example report)What we want to understand is what kind of access generates these traffics? ("HTTP/2 over TLS" and "SSL Protocol"). These applications seems like protocols, not applications, so in stead of these shouldn't we need to see the real application/site?

750 APPLIANCE REPORT l shows wrong

Dear Support, i have 750 appliances check point model when we chose the monthly reportsits shows the wrong data how can we resolve.
Shiran_wang
Shiran_wang inside Logging and Reporting Friday
views 101 2

5200 standaloe HA SmartEvent gray

5200 device upgrade to R80.10, after upgrade i found i can't enable SmartEvent due to this icon is gray,i checked official document, this document mention 5400 model can not be enable SmartEvent but no 5200 modelwhat should i do to enable SmartEvent blade?
Beverley_Cudd
Beverley_Cudd inside Logging and Reporting Friday
views 242 3

Smartview Monitor stops running

We are running Smartview monitor on R80.10 and it seems to go down without reason.I have already had to restart it on our external cluster but today have tried to use is on all 4 firewalls and all 4 are showing down.I have rerun the command rtmstop && rtmstartto stop and restart it on one of them which brought it back to life.Question is why does it keep going down.

R80.10 Log Exporter logs

Hello,I've configured the Log Exporter T51 in order to send logs to ArcSight and afterwards I've noticed a continuous daily increase in used disk space on the root partition.I've found the log_indexer.elg.* files (each 20 MB in size) in /opt/CPrt-R80/log_exporter/targets/<name>/log/log_indexer.elg.*Is there an automatic purge mechanism in place for these log files? Are old ones going to be removed?Thanks,George
Adiel_Ashrov
inside Logging and Reporting Wednesday
views 3214 2 2
Employee

How to exclude the SmartEvent object from the SSL Inspection group

Hello All,I'm reviewing sk112814 which explains how to overcome the the following error."SmartView server certificate is invalid" error when opening a new tab in the R80 SmartConsole "logs & monitor" In the solution steps it is said that one should exclude the SmartEvent object from the SSL inspection group, but I haven't found straight forward instructions on how to perform this step online.Any assist with screen shots will be much appreciated.Regards,AdielKobi Eisenkraft‌
Valeri_Loukine
inside Logging and Reporting a week ago
views 146 1
Admin

White Paper - SMS and EPM log integration using SmartLog

Author Derek O'Flynn @Derek_OFlynn Abstract: For customers that are utilizing a SMS for gateways and SmartLog/SmartEvent integration adding Endpoint requires connecting to multiple consoles to view and respond to log data. This paper allows configuration of the primary SMS to read logs from EPM for less complexity. Information below references sk35288 (Step1) but this paper focuses on EPM integration specifically.
Baasanjargal_Ts
Baasanjargal_Ts inside Logging and Reporting a week ago
views 168 1

Generate report from command line

Is this possible to generate reports from the command line when deployed Standalone installation on CP5400 device.
Michael_Horne
Michael_Horne inside Logging and Reporting a week ago
views 375 4 2

Logs & Monitoring - Reverse DNS lookups incorrect

Hello,I have been looking for information about how the reverse DNS lookup works for the "logs" in R80.10. The issue we have is that the FQDN being displayed in the Logs is incorrect. In the log view ZRH-L00053" is displayed for the IP 10.166.138.158When we check the DNS on the management server the host ZRH-D00008 is the actual owner of this IP Address in both directions and ZRH-L00053 maps to another IPIf anyone has any information about how this reverse DNS lookup is working it would be greatMany thanks,Michael
Dale_Lobb
Dale_Lobb inside Logging and Reporting a week ago
views 53 1

Re: Can't Discard "SmartView Tracker" sessions on R80.20 SmartConsole

Hey Dameon, I think having a separate discussion about SmartView Tracker issues is a great idea. Can we make some sort of new category, say like: "Suggested Improvements", or a more apropos title, if anyone can think of a better one, where we can open semi-permanent threads about product usability, workflow and suggested changes/fixes? Otherwise I think a thread about usability will probably get buried and forgotten pretty quickly.Best Regards,Dale