- CheckMates
- :
- Products
- :
- Quantum
- :
- Management
- :
- Log reporting
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Log reporting
Hi,
I'm new here with this subject but I can't find solution so I'm trying it here. I have R80.40 and my goal is to create the report where I can see communication of source IP addresses with hit counts and actions to specific destination IP on specific destination port. Let's say I just want to see simple list of sources communicating to some specific DNS server.
I was able to do something like that in reports but problem is that I can't see the data like in "Logs" page (many and many lines) but I only see something different - it looks like it somehow do some security report from blades but it ignores all accepted communication from firewall and filtering to firewall blade shows some "nonsense" (probably not nonsense - there is probably reason why it shows something like that - but from my point of view it looks like nonsense when I see drop from only one source but in Log window I can see drop from hundreds of sources in one hour range ... ). But I need that too (to see accepted communication too) so I can see that there is for example communication from 192.168.1.2 and a few other sources to some DNS like 10.10.10.10. So for example between 192.168.1.2 and DNS server the communication was accepted in X logs but for example between another IP it was dropped Y times etc.
Is something like that possible in reports (show some access statistic table with sorted data from "Logs" table)? I saw some materials like: https://sc1.checkpoint.com/documents/R80.40/WebAdminGuides/EN/CP_R80.40_LoggingAndMonitoring_AdminGu... but I couldn't find solution for my goal. So I just did some filter in "Logs" page and exported that query to MS Excel and did what I want in Excel. The result was what I needed but it would be much easier if it was possible in reports just to filter log to some destination IPs, port:53 and sort it by source with Log counts and action. So I can see for example 400 lines with hits to my query and not 1000+ of logs with zero informational value without some calculus. Is it possible to make something like that in report tool?
Thank you for advices,
V.
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Firewall connection logs are not indexed by default.
That can be addressed via: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Firewall connection logs are not indexed by default.
That can be addressed via: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
That's it, thank you!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
There is good link here for that topic too: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
