This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
David_C1
Advisor
‎2021-09-22 07:38 AM

Hit counts show recent "Last hit" but no logs

Wondering if anyone else has encountered this issue. The hit counter for a certain rule shows a "Last hit" recently (seven days ago in the screenshot) but when I look in the actual logs, nothing shows up.

Hit counts.jpg

Track Settings are set to Log, no Accounting, Log Generation per Connection.

I'm trying to clean out a few rules that (I think) are unused.

Thanks,

Dave

 

0 Kudos
4 Replies
JozkoMrkvicka
Authority
Authority
‎2021-09-22 11:15 AM

I never used showing Logs per rule within the policy package - as it never worked.

Try to right click on the rule, then "Copy Rule UID". Go to SmartLog (SmartView) and paste the copied rule UID as filter string. Now you will get all logs for this one specific rule.

If you want to see logs from more rules, use logical operator "OR" between rule UIDs within the filter.

Kind regards,
Jozko Mrkvicka
David_C1
Advisor
‎2021-09-23 06:27 AM
In response to JozkoMrkvicka

Thanks for this tip. Once I got the search field name correct (layer_uuid_rule_uuid:) I was able to find logs from some rules that I would expect but not others. I also found that in at least one case, I had to remove the underscore _ to get results. In the Logging and Monitoring guide, it says:

For faster results, use this syntax in the query search bar:
layer_uuid_rule_uuid:*_<UID>
For example, paste this into the query search bar and click Enter:
layer_uuid_rule_uuid:*_46f0ee3b-026d-45b0-b7f0-5d71f6d8eb10

 

However, in at least one search, I didn't get results with the _ included. When I removed it and searched on *<UID> I got results.

Seems in general searching via Rule UID is at best unreliable.

Dave

 

the_rock
Legend
Legend
‎2021-09-22 11:29 AM

I had same issue before and TAC advised it could be cosmetic issue, but I never pursued it further. This was back in R80.10 version, though I still see same issue in R81.10

0 Kudos
birju
Explorer
‎2024-09-05 07:05 AM

Hi David,

I am facing a weird issue that there is not hit count and logs available at console but services are still running.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events
    Top