This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
RedPill15
Participant
‎2020-12-06 11:50 PM

IPS Update Email Alert

Hi,

May i know how can i setup an Email alert when IPS update is failed using  SmartEvent?

 

Thank you.

Labels
0 Kudos
9 Replies
G_W_Albrecht
Legend
Legend
‎2020-12-07 12:57 AM

See Logging and Monitoring Administration Guide R80.30 p.63ff !

CCSE CCTE CCSM SMB Specialist
0 Kudos
RedPill15
Participant
‎2020-12-07 01:36 AM

@G_W_Albrecht  Thanks, so do you mean there's no default options for it but  I need to create an external script instead?

0 Kudos
G_W_Albrecht
Legend
Legend
‎2020-12-07 03:18 AM

No, you create an SE automatic reaction - look at the long description in Logging and Monitoring Administration Guide R80.30 p.63ff !

CCSE CCTE CCSM SMB Specialist
0 Kudos
Amir_Senn
Employee
Employee
‎2020-12-07 06:17 AM

You need to create a custom event and find the logs that describe the failure to upgrade. It's not easy but I found something. Please note that this is the reason I created on my lab and your reason for failure may differ. This is why it's important to see a failure log in your env.

Try to set type Control and description/reason to "Could not download from "http://updates.checkpoint.com/WebService/services/DownloadMetaDataService?wsdl". Server error occurred."

Capture.PNG

 After you're defined this correctly you can add auto-reaction for this.

Kind regards, Amir Senn
G_W_Albrecht
Legend
Legend
‎2020-12-07 06:37 AM

Yes, that is a more detailed descripton of how to achieve that 😎

CCSE CCTE CCSM SMB Specialist
0 Kudos
RedPill15
Participant
‎2020-12-24 01:42 AM

Based on the log that I found, I tried to create the event as below to trigger the event however I didn't receive any email alert for this. Any advice? (checked mail alert configuration is fine)

Screenshot_2.pnge?

Screenshot_5.png

thanks.

0 Kudos
Amir_Senn
Employee
Employee
‎2020-12-24 01:50 AM
In response to RedPill15

This is for a successful update.

SmartEvent has an issue creating new audit events. If you created it from scratch it won't work. If you want to create an audit event, go to an existing event, right click -> Properties , edit your event and save as a new event.

Kind regards, Amir Senn
0 Kudos
RedPill15
Participant
‎2020-12-27 09:00 PM
In response to Amir_Senn

Thank you Amir but unfortunately  it couldn't solve the problem also. I tried to filter  "Administrator equal to admin for Any product" only for the customized event but there's no any related email alert.

Any suggestions for the filter settings ?

Thanks.

0 Kudos
Amir_Senn
Employee
Employee
‎2020-12-28 01:39 AM
In response to RedPill15

I suggest going to an existing event, such as 'Check Point administrator login at irregular hours' (under 'Unauthorized Entry'), right click -> properties.

Under <Any>, change the 'Subject Equal' to 'IPS Update' and delete the 'General Information Equal' from filters. Also change radio button to 'Any Condition'.

If this doesn't work you can try same thing with 'Operation' 'IPS Update' instead/in addition to 'Subject Equal'.

Kind regards, Amir Senn
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events