Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Burak_Ozgen
Participant

Access Control Byte Information Sending LEA with Aggregated

We are using analyzing Checkpoint Events on SIEM. When one of our clients goes and watches some videos on Youtube Checkpoint LOGS&MONITOR shows 1 session in application control blade. Then when client closes youtube on browser, on checkpoint side session still continues. Problem is while session is continues on SIEM side there will be more then 1 log about that session and accounting bytes on checkpoint summing the total count but it sending each log with different bytes info. Attachments explains clear.  

1 Reply
PhoneBoy
Admin
Admin

What you're seeing in SmartConsole is aggregated information.

LEA exports the raw logs that get generated.

I'm not sure if Log Exporter guide‌ is any different but if we're going to make improvements in that area, it will be done there (versus LEA).

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events