Raymond134547
Explorer

Exported Logs Missing Fields

Hello,

I've configured Log Exporter on my Mgmt Server with no customizations other than the server I'm sending to and format:

This is Check Point Security Management Server R81.20 - Build 024
This is Check Point's software version R81.20 - Build 054
[SecurePlatform]
HOTFIX_GAIA_API_AUTOUPDATE
HOTFIX_R81_20_JUMBO_HF_MAIN Take: 118

We are sending CEF over TCP.

Our rulebase uses Accounting for quite a few rules, and viewing logs in SmartConsole shows Client Inbound Bytes, Client Outbound Bytes, Server Inbound Bytes, and Server Outbound Bytes quite clearly.

However, when I capture what is being exported from the Mgmt Server, I am missing the Client Inbound Bytes and Client Outbound Bytes.  I'm still sending:

client_inbound_packets

client_outbound_packets

server_inbound_bytes

server_inbound_packets

server_outbound_bytes

server_outbound_packets

But where are my client inbound / outbound bytes in the export? I've done some lengthy captures, and that data just isn't being exported. Can anyone think of what I could be missing?

Thanks,

Ray

0 Kudos
3 Replies
Chris_Atkinson
MVP Platinum CHKP

So no filters are applied? Which read mode is used, semi-unified or raw, etc.?

CCSM R77/R80/ELITE
0 Kudos
Amir_Senn
MVP Silver CHKP

Which SIEM are you using?

Kind regards, Amir Senn
the_rock
MVP Platinum

I believe @Amir_Senn actually brought up a super valid point; it definitely can depend on what SIEM you are using.

Best,
Andy
0 Kudos
