Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Sagar_Manandhar
Advisor

Alert on every console login

hi,

Is there the option that give alert to the admin via mail on every smart console  login done by different users. I found sk related to the alert on policy installation but not able find documentation regarding this type of alert.

Regards,

Sagar Manandhar

5 Replies
PhoneBoy
Admin
Admin

As I recall, the Policy Installation alert can come from SmartEvent.

There is an alert that can be sent for unusual login times there as well:

I guess you could create a time similar to the following:

Of course, that leaves a single minute in a week where if someone logs in, you won't get an alert Smiley Happy

Mike_Swaminatha
Employee Alumnus
Employee Alumnus

Hi Phoneboy

One of my customer did this configuration as you suggested here but it only give login alert with blank email body and no details of who logged in and from where. is there a way we can get the same ?
0 Kudos
Amir_Senn
Employee
Employee

Capture.PNG

Hey,

Mail alert for this kind of event should look like this. We can also un-obfuscate confidential fields using: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

If you don't see the log at all try to check the attached file, it also contains the log.

If you still don't see any information, please share some more details about your version, email client and anything you think might be related.

Kind regards, Amir Senn
0 Kudos
Yuri_Slobodyany
Collaborator

You can try setting Alert instead of Log on a Security Rule that allows administrative access to the firewall, of course it will alert each time there is a match to this rule regardless whether admin actually logged in.

https://www.linkedin.com/in/yurislobodyanyuk/
0 Kudos
Danny
Champion Champion
Champion

You could simply create a startup script that checks the last logins and sends an email if new logins are logged.

Example:

while `sleep 60`; do last | tail -n 1 | check if login is within last minute, if yes, send email done

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events