KLN inside Logging and Reporting 39m ago
views 74 5

Log Exporter R80.10 add on for eval

Hi All, Does anyone know if it is possible to get the Log Exporter add-on for R80.10 gateway for 30 day eval? I would like to test/try out. If not, if I upgraded my R80.10 eval to R80.20, does that include the Log Exporter (alternative to OPSEC LEA)? Thanks
inside Logging and Reporting yesterday
views 102 3

IPS utilization report - Smart View

Hey all, I believe that most of us that enabled IPS in our environment asked one of the following questions: "If I will move to prevent, what will happen to my network?" "Should I do it step-by-step? How?" "Is there any tool that I can use to eliminate any potential impact on my network?" For those questions we have created multiple documentations with formal procedures. Now, we have created a new Smart View report that allows you to understand your IPS utilization status and, based on different step-by-step procedures, utilize the blade for maximum protection and minimum business impact. You can download the CPR file (for Smart-View) from the following link: If you want to influence, you are welcome to reply to this blog with any insight or change you believe we need to add/change. We will change the report based on your needs and will upload a new one until we have a report that will be released as part of the next GA + Jumbo. Thanks, Oren

SMART EVENTS server move to a different hardware version 80.xx and above ?

Can someone at Checkpoint possibly come up with decent documentation on how to move a SMARTEVENT server from server A to Server B, with the understanding that the IP will be kept the same but the HARDWARE may be different?
1. Snapshots will not be any good.....
2. Backup and restore ..... useful or not ... probably not...?
3. Migrate Export does not move database file....?
There were somewhat, almost decent documents in R77.xx but can't find anything halfway decent in R80.xx. Please, someone point me in the right direction... Thanks,
Hugo_vd_Kooij inside Logging and Reporting Thursday
views 4048 8 2

How to debug Policy Installation Errors

I get some BETA Dejavu experiences. Where I would break the EA version by activating the DNS server on the object for my Active Directory server. I now have this graceful error "Policy installation failed on gateway. If the problem persists contact Check Point support (Error code: 0-2000040)." But I can't even recall having put anything as naughty as a DNS server in my policy... Checking myself again... Guess what. I actually did enable the DNS server on my Domain Controller. So what is the logic of this failure?
Daniel_Hainich inside Logging and Reporting Wednesday
views 400 4

R80.20 SmartReporter : how to do a report "rule base analysis"?

Hello, how can I do a report for rule-base analysis? I want to report 0-Hit Rules and Rules which have no hits since x days. Please help! Daniel
VENKAT_S_P inside Logging and Reporting Wednesday
views 7898 7 1

Log export to excel CSV

General question: Is there an option to export all (not first 50 records) the 7days / 30days logs to CSV file from Logs & Monitor pane?
Matthias_Haas inside Logging and Reporting Wednesday
views 997 4 1

log accounting does not work

Hello all, we are facing the problem that after upgrading a Cluster to R80.10, log accounting does not work any more (worked with R77.30). So:
- just the FW blade is used (no App Control etc.)
- accounting is enabled for the rule
- nevertheless, the accounting fields are empty in the log
We have waited quite a while to make sure the fields are filled up. Case is open, but TAC told us that the App Control blade is necessary for accounting, which I don't think is true (at least in my lab it works with the fw blade only). I did not find any useful SK/information for analysing this problem. Has anyone had the same situation? Thanks a lot, Matthias
inside Logging and Reporting Monday
views 54 3

Is it possible to filter access to Management GUI or SmartView Login Pages

While we can use "User Management / GUI Clients" to filter access to SmartConsole, that filter doesn't get applied to GUI or the SmartView web page. Is there any way to restrict access to the Management GUI or SmartView web pages??

Log Exporter stopped reading logs

Hello again, A new problem, this time with the log exporter:

    [Expert@cplog01p:0]# date
    Tue Jul 02 09:40:40 CEST 2019
    [Expert@cplog01p:0]# cp_log_export status
    name:
    status: Running (3986)
    last log read at: 27 Jun 11:51:02
    debug file: /opt/CPrt-R80.20/log_exporter/targets/>

Log Exporter has stopped reading logs since some days but is still running. We did a cp_log_export restart and it worked again. Does someone know how to monitor that the Log Exporter has stopped working even when the process is still running? Is this problem known? Installed version of cplog01p:

    [Expert@cplog01p:0]# cpinfo -y all
    This is Check Point CPinfo Build 914000182 for GAIA
    [IDA] No hotfixes..
    [CPFC] HOTFIX_R80_20_JUMBO_HF_MAIN
    [MGMT] HOTFIX_R80_20_JUMBO_HF_MAIN
    [FW1] HOTFIX_R80_20_JUMBO_HF_MAIN
    FW1 build number:
    This is Check Point Security Management Server R80.20 - Build 007
    This is Check Point's software version R80.20 - Build 047
    [SecurePlatform] HOTFIX_GOGO_LT_HALO_JHF
    [CPinfo] No hotfixes..
    [DIAG] No hotfixes..
    [Reporting Module] HOTFIX_R80_20_JUMBO_HF_MAIN
    [CPuepm] HOTFIX_R80_20_JUMBO_HF_MAIN
    [VSEC] HOTFIX_R80_20_JUMBO_HF_MAIN
    [SmartLog] No hotfixes..
    [MGMTAPI] No hotfixes..
    [R7520CMP] No hotfixes..
    [R7540CMP] No hotfixes..
    [R76CMP] No hotfixes..
    [SFWR77CMP] No hotfixes..
    [R77CMP] HOTFIX_R80_20_JHF_COMP
    [R75CMP] No hotfixes..
    [NGXCMP] No hotfixes..
    [EdgeCmp] No hotfixes..
    [SFWCMP] No hotfixes..
    [FLICMP] No hotfixes..
    [SFWR75CMP] No hotfixes..
    [CPUpdates] BUNDLE_R80_20_JUMBO_HF_MAIN_gogoKernel Take: 47
    [rtm] No hotfixes..
MattDunn inside Logging and Reporting Sunday
views 42 1 1

R80 Logging Query

I want to send a screenshot of the Logs view to a customer to demonstrate an issue and highlight a point I'm trying to make. The issue is VPN related, where we continually try and set up a tunnel, then send a "delete", then set up, then send a delete. I want to show this in my log view so I can take a screenshot, but the one field I want to add to my log view is not available. If I open the log card, I see the "Ike" field, highlighted in red below. I want to add that column to my log view. Other log cards have "Methods" showing info of the key exchange, but again "Methods" is not available to select as a column in my log view. If I go to my log and "Edit Profile", neither the "Ike" nor "Methods" fields are available to select as a column in my log view. Why aren't these columns available to add? How can I add them?
Ants inside Logging and Reporting Sunday
views 43 1 1

Auto Export scheduled reports to a remote server possible?

Hi All. We have a set of scheduled reports running on R80.10 CMA and want to know if it is possible to have them exported to a remote server using scp or similar (only option I see is via email). Our aim is to have these raw reports copied (scp etc) to a remote server where they will be analyzed further with an in-house automation. Location: /opt/CPrt-R80/smartview/exported_files/41e821a0-3720-11e3-aa6e-0800200c9fde/<objid_for_admin>/ Alternative plan would be to create a user with scponly shell so they can pull these reports from the FW.. my last resort. Thanks in advance
Richard_Nock inside Logging and Reporting a week ago
views 71 5

Logging not working for Azure CloudGuard gateways and SMS behind NAT

Our topology is as follows:

    - BackEnd Subnet
    Azure Firewall (R80.10)
    - FrontEnd Subnet
    |
    Azure Check Point Cluster Public IP
    |
    ( Internet )
    |
    Check Point 5400 Series Appliance Cluster (R80.10)
    |
    ( NAT IP)
    SmartCenter/Security Management Server (R80.30)

As you can see our SMS is NATed behind our 5400 series appliances which it also manages. The management object has the private defined as the IP in the General Properties tab and then public is defined in the NAT tab, set to static IP, install on 5400 series gateway and Apply for Security Gateway control connections ticked. This works for all of our other physical appliances - logging and CRL checking, all fine. However, this does not work for the Azure gateways as they persistently want to get to the SMS on the private IP, which doesn't work.

Things we've tried:
1. Editing the masters file by replacing the SMS name with the public IP of the management then locking the file changes using the chattr command. We've had limited success with this - if we make the change and restart the FWD service it will start working, but if we push policy again it will start using the private IP again. I'm looking for something more permanent.
2. Creating a dummy object with the IP of, tick Logging & Status blade, then select this as the logging server for the Azure gateways. The Azure gateways pick up the change, but they still persist in sending logs to the private IP.
3. Tried adding a NAT rule to the top of the NAT policy for anything from src: (FrontEnd Subnet) to dst: (private SMS) then translate to dst: (public SMS). No luck here either.

I originally thought it was because we were using an older R80.10 template, but I've deployed a new R80.20 cluster in Azure and updated to the latest jumbo and we still get the same issue. Running out of ideas now, any help/suggestions would be appreciated 🙂
NAMKYUN_KIM inside Logging and Reporting 2 weeks ago
views 228 7

Log Exporter - Log Field description

Hello All, This is Tim. I'm using Checkpoint 4600 and Log Exporter to get Syslog from device into my log server. Actually, it is working pretty well, but when I explore the syslog which comes from Checkpoint, I can't understand what each field means. link, there are lots of fields of syslog, but they don't tell us what each field means. So, where can I get information on the syslog fields?
Rabindra_Khadka inside Logging and Reporting 2 weeks ago
views 61 1

How to forward Checkpoint management server log to different log server

I am unable to forward the Checkpoint management server log to a different log server. Can you please help me with this issue?