Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
kevin_t
Participant

Failed Policy Install Logging

Morning All, thanks in advance for any insight!

 

We are looking at exporting audit logs to our SIEM, and got the connection working and everything.  We scheduled our policy installs to happen automatically, and we would like alerting to happen based on failed policy installs.  That being said, we cannot find anything in any logs that indicate a failed policy install!  Just wondering if anyone had any insight into if this gets logged, and if so - where are they?

 

Thanks again!

0 Kudos
3 Replies
PhoneBoy
Admin
Admin

I know when the gateway begins enforcing a new policy, that action will generate a log that should get exported to the SIEM.
I don't believe failed policy installs generate log entries at all.
Details about this only appear in SmartConsole as far as I know.
0 Kudos
Amir_Senn
Employee
Employee

If you have SmartEvent server you can create an event for any traffic/audit logs.

There's a pre-defined event for successful policy installations, it checks for audit logs for successful policy installation but it could easily be changed to an event that generates for failed attempts to install policy.

To any event you can attach an automatic reaction such as email.Capture.PNG

Kind regards, Amir Senn
0 Kudos
Tal_Paz-Fridman
Employee
Employee

You should receive an Audit Log for the failure.

Go to - SmartConsole > Logs & Monitor > New tab > Audit Logs View

Audit Log - Install Policy Failure.jpg

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events