Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
D_TK
Collaborator

Log exporter and mobile access blade

Jump to solution

Started using the log exporter to send logs to a new SIEM.  The only issue so far is that i'm not seeing anything from the mobile access blade sent.  i'm getting all other logs.  I've even modified this file to only send mobile access, and absolutely nothing arrived at the SIEM.

Version is r81.10

Any ideas would be greatly appreciated.

Filter.png

0 Kudos
1 Solution

Accepted Solutions
D_TK
Collaborator

You are correct, it's not considered "Mobile Access".  Opened a tac and got it sorted out pretty quick.  This config got us to where we wanted to be:

 

tac.png

View solution in original post

0 Kudos
4 Replies
PhoneBoy
Admin
Admin

Are you seeing Mobile Access logs in SmartView?
Note that anything involving a VPN client won’t necessarily show as Mobile Access.

0 Kudos
D_TK
Collaborator

Yeah, we're not looking for their traffic logs.  We're more interested in login locations so we can trigger the "geographically improbable" access alarm  if jane tries to log on from gig harbor and paris at the same time.

Here's what i currently see in smartview if i filter on blade:mobile access

 

mab.png

 

0 Kudos
PhoneBoy
Admin
Admin

I'm wondering if "Mobile Access" is actually the correct product here.
Try checking the raw logs with CPLogFilePrint: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut... 

 

0 Kudos
D_TK
Collaborator

You are correct, it's not considered "Mobile Access".  Opened a tac and got it sorted out pretty quick.  This config got us to where we wanted to be:

 

tac.png

0 Kudos