Solved: Re: Does any method can setting all rule enable "p...

Han_Lung_Kuo · ‎2025-06-02

Hi Everyone,

Our device almost enable firewall function only, so the log default just enable "per connection",

but recently we need make traffic report, that need "per seesion" log, so:

- Does any method can setting all rule enable "per session" log?

- Does any method can enable "per session" log when we create new rule?

Thanks,

Amir_Senn · ‎2025-06-04

I created a script a while ago. This is the important part:

Change_Track_Log3.sh

#Default values
Layer_Name="$2 Network"
Domain_Name="$3"

mgmt_cli login -r true > id.txt
for (( N=1; (($N-1))<$1; N=(($N+1)))); { mgmt_cli set access-rule layer "$Layer_Name" rule-number $N track.type log track.per-session true --domain "System Data" -s id.txt; }
mgmt_cli publish -s id.txt

You can run it with syntax:
./Change_Track_Log3.sh 3 amirP

This changed the first 3 rules on amirP policy package to session.

Domain name is for MDS. You can leave blank for non-MDS.

Edited comments:

Please don't take this at face value. This is good in general but might need fine tuning for your needs.

Example: if you have detailed/extended logs on some of your rules.

Also, you can replace the root user (-r true) with actual admin and hold the publish. This way you can review the changes and only then publish.

Kind regards, Amir Senn

View solution in original post

AkosBakos · ‎2025-06-03

Hi @Han_Lung_Kuo

You need to set it on-by-one in SmartConsole. Other approach can be the mgmt_cli, where you write a small script or lines, and set all rules to the necessary tracking option.

https://sc1.checkpoint.com/documents/latest/APIs/#cli/set-access-rule~v2%20

Akos

----------------
\m/_(>_<)_\m/

Han_Lung_Kuo · ‎2025-06-03

Hi Akos,

thanks, I use api commands to edit all rule enable "per session" log, look like work 🙂

but now we need to take care new rule, sometime and someone would miss to enable "per session".

does any method can solve it?

Lesley · ‎2025-06-03

Can you share the API command you used please?

Question 2 is no: https://support.checkpoint.com/results/sk/sk109146

Would be a RFE.

-------
Please press "Accept as Solution" if my post solved it 🙂

AkosBakos · ‎2025-06-03

Almost 10 years... 🙂

2016-03-14

----------------
\m/_(>_<)_\m/

Han_Lung_Kuo · ‎2025-06-03

I use excel to create number sequence and command set, then copy it in smartconsole command line:
set access-rule layer "Network" track.per-session "True" rule-number 1

if you use in-line layer rule, remeber change layer parameter, not rule-number.

Tomer_Noy · ‎2025-06-03

The next version (R82.10) will include configuration options for globally setting Session Logs and having more control on defaults for new rules. We've added this following feedback from the field, mainly from customers that want to reduce log rates, but also for using Access logs in reports.

Here's a sneak peek at how it will be configured:

Aggregated will switch to Session Logs for existing and new rules. It's phrased a bit differently because some scenarios (such as APPI) already used session logs as the default.

And you'll also be able to set the default Track option for new rules to "Log", instead of "None":

Huge thanks to @Meital_Natanson and her team for developing it!

Han_Lung_Kuo · ‎2025-06-03

that is good news, thank checkpoint 🙂

Amir_Senn · ‎2025-06-04