dupacv
Participant

Log reporting

Hi,

I'm new here with this subject, but I can't find a solution, so I'm trying it here. I have R80.40 and my goal is to create a report where I can see the communication of source IP addresses, with hit counts and actions, to a specific destination IP on a specific destination port. Let's say I just want to see a simple list of sources communicating with some specific DNS server.

I was able to do something like that in reports, but the problem is that I can't see the data like on the "Logs" page (many, many lines); I only see something different. It looks like it somehow does some security report from the blades, but it ignores all accepted communication from the firewall, and filtering to the firewall blade shows some "nonsense" (probably not nonsense, there is probably a reason why it shows something like that, but from my point of view it looks like nonsense when I see a drop from only one source but in the Log window I can see drops from hundreds of sources in a one-hour range ...). But I need that too (to see accepted communication too), so I can see that there is, for example, communication from 192.168.1.2 and a few other sources to some DNS like 10.10.10.10. So, for example, between 192.168.1.2 and the DNS server the communication was accepted in X logs, but between another IP it was dropped Y times, etc.

Is something like that possible in reports (show some access statistics table with sorted data from the "Logs" table)? I saw some materials like: https://sc1.checkpoint.com/documents/R80.40/WebAdminGuides/EN/CP_R80.40_LoggingAndMonitoring_AdminGu... but I couldn't find a solution for my goal. So I just did some filter on the "Logs" page, exported that query to MS Excel and did what I want in Excel. The result was what I needed, but it would be much easier if it was possible in reports just to filter the log to some destination IPs, port:53 and sort it by source with log counts and action. So I can see, for example, 400 lines with hits to my query and not 1000+ logs with zero informational value without some calculus. Is it possible to make something like that in the report tool?

Thank you for the advice,

V.

V.D.
Accepted Solutions
PhoneBoy
Admin

Firewall connection logs are not indexed by default.
That can be addressed via: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

dupacv
Participant

That's it, thank you!

V.D.