- Products
- Learn
- Local User Groups
- Partners
- More
Firewall Uptime, Reimagined
How AIOps Simplifies Operations and Prevents Outages
Introduction to Lakera:
Securing the AI Frontier!
Check Point Named Leader
2025 Gartner® Magic Quadrant™ for Hybrid Mesh Firewall
HTTPS Inspection
Help us to understand your needs better
CheckMates Go:
SharePoint CVEs and More!
Hello,
while installing policy I wanted to review changes but my audit log is empty. Are there changes which are excluded from audit log?
User account is super user and I am viewing the logs within specified time.
Is there any way to check differences from last revision.
Cheers
While most changes generate an audit log (e.g. to objects and rules), there are a few changes that do not.
Changes to Global Properties is the most common culprit here, but there may be a few others.
I agree with Phoneboy. I know this as a fact actually, becaise I tested it in the lab and could not find any audit log. Any time I would do this in R80.20, R80.30, R80.40, R81.10 and R81.20, it was exact same behavior.
Best,
Andy
@Denis_Ruzicka Ok, I take my statement back. Maybe thats not 100% true. I just tried on R81.20 Azure mgmt server and changed global property setting and it actually show in the audit log. What was the change you made?
Andy
I will be honest I don't know.
I know I was hovering around objects and access rules at the end I was focused on VRRP addresses. But in the end of my session I chose to not touch them during production time. When I was closing the session I saw 5 changes which I though were some tiding changes like names of objects and so on. I published them with the plan to review changes upon installation (irresponsible, I am going to abandon the practice ).
And when I was about to install the policy I saw nothing in the audit log.
My plan is to do backup and revert to revision before the last Publish.
Thats fair. Do you remember EXACTLY what you had changed? If yes, can you please let us know, so I can test it in the lab.
Best,
Andy
I am very grateful that you want to find what exactly isn't being logged in audit log. This is beneficiary for me and the community.
But that is my issue in this case I don't know what exactly I have changed. What I think might cause this is that I might have opened some properties renamed something but later in the session I changed it back... to original name therefore it might not be logged because there is no change between revision? That might be worth a try.
Yes, no problem, always happy to help. Let me try that, I will change something random in global properties, save, then change it back. Will report if I see audit log about it.
Andy
K, just changed random setting in global properties, saved, changed it back, saved and I see the audit logs for it
Andy
Thank you. When I get this fixed I will try some changes related to the task I was doing and see if they create log. Only now I will note what exactly I do.
I will be reverting to previous revision this weekend. Do you have any recommendation if I should check something before reverting?
Thank you for your help it is appreciated.
Denis
Any time mate 🙂
It may be this is fixed in R81.20 (or some version past R80.40).
Its weird, cause last time I did it in R81.20, definitely did not show any audit logs. Cant recall now exactly what I changed in glonal properties...
Andy
Ok so in the end we created backups and then installed the new policy. Everything works and I haven't noticed anything.
Today I tested and found out that on R80.40 if you open Gateway Cluster Properties -> Network Management -> double click network interface -> click "Ok" while changing nothing -> click "Ok" in Gateway Cluster Properties window.
The smart console freezes for a while then the properties window closes then it freezes again.
In that moment I see 3 changes in session. When install them I see in audit log
The change : "@Interface Index: '1', '2', '3', '4', '5', '6', '7', '8', '9', '10', '11', '12', '13', '14', '15', '16', '17', '18', '19', '20', '21', '22', '23', '24', '25', '26'...."
Which I presume is automatic Index updates which would happen if I were to change an interface (though I didn't)
I have tried few other things but I always generate some kind of update for given box or cluster I can see some audit logs.
So all good now, you can see audit logs as expected?
Andy
Yes everything works now and I can see audit logs. However, there are clearly actions which will cause changes but no audit logs. I just didn't find them.
Sorry brother, wish I had R80.40 to test with, but I dont : - (
Andy
Thanks for consultations. We will be upgrading to newer version hopefully I won't get into same situation in future.
I am positive that in R81.20 you would never have this issue. I changed so many things as a test in last week and every time audit logs showed up.
Best,
Andy
Leaderboard
Epsum factorial non deposit quid pro quo hic escorol.
User | Count |
---|---|
30 | |
16 | |
4 | |
4 | |
4 | |
3 | |
3 | |
3 | |
3 | |
2 |
Tue 07 Oct 2025 @ 10:00 AM (CEST)
Cloud Architect Series: AI-Powered API Security with CloudGuard WAFThu 09 Oct 2025 @ 10:00 AM (CEST)
CheckMates Live BeLux: Discover How to Stop Data Leaks in GenAI Tools: Live Demo You Can’t Miss!Thu 09 Oct 2025 @ 10:00 AM (CEST)
CheckMates Live BeLux: Discover How to Stop Data Leaks in GenAI Tools: Live Demo You Can’t Miss!Wed 22 Oct 2025 @ 11:00 AM (EDT)
Firewall Uptime, Reimagined: How AIOps Simplifies Operations and Prevents OutagesAbout CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY