Drop Logs Analyzer
Hi Team, my name is Marcos and I would like to find the most efficient way to analyze the drops recorded in the CheckPoint logs (SmartLog R77.30). This way I can identify if there are valid communications that need to be allowed in our network or if we may need to contact the source of these drops to stop sending not permitted packets.
I hope someone can help me with the appropriate tool/knowledge to perform this task.
Something interesting could be to find the way to sort these drops based on source/destination IP address, the number of times they are hitting the firewall...
Thanks for your help in advance.
Best regards,
Marcos M.
Unfortunately, the amount of detail you get from a Drop log won't necessarily tell you whether it should be permitted or not as that's a matter of the specific policy your organization has set.
That said, you can easily find all the drops and find "top talkers" and the like in SmartLog.
Use the search term Action:Drop in order to find all the recent dropped and logged packets.
You can then drill into the top sources/destinations as appropriate.
As you click items under the "Tops" tab on the right, your search terms will be adjusted to show only packets that match those criteria.
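The same "top talkers" view can be rebuilt offline from exported logs. The script below is an added example, not part of the reply above and not Check Point tooling. It assumes the logs were exported to CSV with hypothetical column names `src`, `dst`, `service` and `action`, and that the RFC 1918 ranges are the internal networks. It counts drops per source/destination/service and marks whether the source is internal (a candidate for a policy review) or external (a candidate for contacting the sender).

```python
import csv
import io
import ipaddress
from collections import Counter

# Assumption: internal address space is the RFC 1918 ranges; adjust as needed.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample export. The column names are assumptions; change them
# to match the header of the real export.
SAMPLE_CSV = """src,dst,service,action
10.1.1.20,10.2.0.5,tcp/1433,Drop
10.1.1.20,10.2.0.5,tcp/1433,Drop
10.1.1.20,10.2.0.5,tcp/1433,Drop
203.0.113.9,10.2.0.5,tcp/23,Drop
203.0.113.9,10.2.0.5,tcp/23,Drop
10.1.1.21,10.2.0.5,tcp/443,Accept
10.1.3.7,198.51.100.4,udp/123,Drop
"""

def is_internal(addr):
    """True if addr parses as an IP inside one of INTERNAL_NETS."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False  # unparsable source: do not treat it as internal
    return any(ip in net for net in INTERNAL_NETS)

def top_drops(csv_text, limit=10):
    """Return [(src, dst, service, hits, origin)] for drops, busiest first."""
    hits = Counter()
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["action"].strip().lower() != "drop":
            continue  # only dropped packets are of interest
        key = (row["src"].strip(), row["dst"].strip(), row["service"].strip())
        hits[key] += 1
    return [(src, dst, svc, count, "internal" if is_internal(src) else "external")
            for (src, dst, svc), count in hits.most_common(limit)]

if __name__ == "__main__":
    for src, dst, svc, count, origin in top_drops(SAMPLE_CSV):
        print(f"{count:5d}  {src:15s} -> {dst:15s} {svc:10s} {origin}")
```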
