In R80.10, there are 2 sources for change history:
1. Dynamic revisions at the Security Management Server. This allows us to present:
- All changes at the Manage & Settings-->Revisions view in SmartConsole
These changes are kept forever, unless the user manually purges them. They are lightweight and are based on the delta difference. Users could use the Security Management API or the Gaia operating system revisions as a way to forward history to external storage.
2. Audit logs at the Log Management Server. This allows us to present:
- List of changes in the bottom pane of a selected revision in SmartConsole
- Graphs, overviews and reports of changes in SmartView
These changes are kept according to your Log Retention Policy. Notice that there are 2 retention metrics: deleting indexes of older audit logs (which makes searches for audit logs slow), and deleting the actual log files (which makes audit logs go away). By default, Check Point only deletes audit log files (and also traffic log files) when the disk space is below a very small threshold as defined in the Log Retention Policy. There are options to forward logs to external storage at the Additional Settings for Log Management Servers.
To summarize: There are two sources to retrieve change history for security management. In SmartConsole we use each source in the way that utilizes it best. However, you could create your own change reports based on the show-changes API. The retention rules are different between the two engines.
Thanks for the insight, Tomer Sole. By the inertia principle I (and not only me) keep on thinking that what was working in some way before works the same way in R80. And a kind of lame question (instead of checking myself): up until R77.30, audit logs were kept forever unless deleted manually, never mind the Log Retention Policy, weren't they?
Very good question! Indeed they were.