Thanks for your update. 

When will this limitation be resolved? Will it be resolved in the next version? (Such as R80.20 or R80.30)

Sure, it is in our roadmap and will be added in future versions.

Exact release target has not been finalized.

I would like to export firewall logs, the Web based SmartView (available at https://management-ip/smartview) does not show the access rule name or number. Is there a way to add these?

As far as I know there is not, at least in the Log view.

In the reports view, it's possible to create a report that includes the Rule Name.

For me, at least, was not showing the Rule Name.

it, it 

Thanks Dameon,

Is Reports view something that needs to be enabled? I seem to only have "Open Log View" and "Open Audit Log View".

Click on the plus (far right tab).

From here, you can create a New View:

Specify category Access Control:

Then you can add a widget using the screenshot I showed earlier.

I believe this requires SmartEvent blade and license to function as depicted, else you'll see only the Log View and Audit Log View options.

Can you tell me what befell those who had SmartReporter licence and blade active in R77 after upgrade to R80.10?

SmartReporter doesn't exist in R80+.

If you only have a license for this and you haven't yet traded in for SmartEvent, you will need to work with your Check Point rep/partner to trade in for a SmartEvent license. 

no need for SmartEvent license to export logs.

Hi, Phone Boy,

How about this issue now ? Does it resolve ?

Thanks!

Hi,

From R80.20 and above you can export up to a 1 million logs. You can do it using the SmartView webapp.

From any server with a logging module (SMS/MDS, Log Server, SmartEvent) just surf to https://<server-IP>/smartview

Log in with same credentials. Go to the logs view -> Options -> Export -> Export to Excel.

Hello PhoneBoy; 

We have a MDS, MDL in R80.30 with HF T237.  We cannot have more than 10k of logs in SmartView. 

Any idea, please? 

Not sure I follow.
You mean you can’t export more than 10k logs to CSV (the subject of this thread) or you can’t view more than 10k of logs?
Regardless, this will probably require a TAC case.

Hello PhoneBoy, 

Both, I have done a query to have logs for 30days, normally I should have more than 10k logs but smartview shows not more than 10K and when I export, the CSV contains only the logs that I saw in smartview (not more than 10k logs).  

Before I install the HF, we could get up to 1M logs in excel file. Now the only option of export log format is CSV. 

I have restarted the indexer service and installed the database on the domain, but it has not solved the issue. 

Is there another process or service I should check? 

Could it be a known issue with the HotFix T237 of R80.30? 

Thanks in advance for your support on this. 

As far as I know, this limitation still exists and does not have an immediate fix.

It is expected to be addressed in a later release, as noted elsewhere in this thread.

what bug?

you can export through  https://management-ip/smartview

I'm not sure if you call it a bug or non-feature. But this doesn't work the way most security engineers expect it to. (I have been through CP support on this). SmartView only reports on what CP has decided is a security event or incident. So when it calculates bandwidth or logs or the like it is only these.

For instance I wanted to be able to report all access (Accept or Drops) to the NTP service. Even though we log each of these, and those logs are sent to the SmartEvent server, SmartView isn't interested in reporting these.

I am interested though, as the security gateway clearly is logging these, and being at the centre of the network, is the most obvious point to instrument from. Very frustrating particularly as we went to the effort of justifying the additional CP licence for this on the basis of the visualisation it could give us.

The following thread is probably relevant to the conversation:

Re: Creating reports with tracking "per connection"‌

Thanks Dameon,

It looks relevant, but still doesn't address why the SmartView tool simply misrepresents the operating state of the system. We have been logging pretty much everything that passes through our security gateway (from when it was greenfield 6 months ago, and as we migrated the legacy workloads into the new datacenter environment). We did this so we could analyse the state of the environment to help us close the loop and the security policy and the overall network state of the environment. If the suggestion is to add "Session" logging to everything, well and good, but why isn't this the default (or at least a suggestion) when the SmartEvent server is deployed.

It just is ludicrous when we thousands of NTP logs per hour, yet running SmartView to report on NTP gives nada. It's just not sane defaults.

From my R80.20.M1 system, this seems to be working as expected.

Even in older releases, I would expect this to work.

You may want to engage the TAC for further troubleshooting.

Hi All, 

Anyone knows if this "bug" is actually solved or there is any kind of dedicated fix for R80.10 or included in a specific SmartConsole package?

Ciao e grazie

Diz 

or replace IP with hostname: 
https://mgmt-hostname/smartview