BigHec
Contributor

Logs Exporter - Will the traffic bytes value be included in the logs when sending to SIEM?

Hi All,

I do have a question related to the Management Server Logs Exporter feature.

I would like to know: if "Accounting" logging is enabled in the Security Policy Layer only, will the total bytes value of the connections be included in the logs as well when they are sent out to our SIEM via Logs Exporter?

This is so that our SIEM side is able to get all the information related to the total bytes used by the connections.

Thank you


Accepted Solutions
Vincent_Bacher
MVP Silver

In short: yes.
As I have not much time, please check this discussion; I guess it will help.

https://community.checkpoint.com/t5/Management/Management-audit-logs-with-Log-Exporter/td-p/247807

cheers

Vince

and now to something completely different - CCVS, CCAS, CCTE, CCCS, CCSM elite

PhoneBoy
Admin

You should get bytes for Accounting, Detailed, and Extended logs via Log Exporter.
Records are sent via Log Exporter every 10 minutes until the session is closed.

the_rock
MVP Diamond

Yes, they would be. We get those details in our SIEM from the clients' logs in S1C.

Best,
Andy
"Have a great day and if it's not, change it"

BigHec
Contributor

Hi @the_rock ,

As far as I know, there is Accounting logging for both the Access Policy Layer and the Application Control Layer separately.

May I ask what the actual difference is between the Accounting logs of these two different layers? Are they the same during the logging part or not?

Thank you

the_rock
MVP Diamond

From my experience, it has the same function.

https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_LoggingAndMonitoring_AdminGuide/To...

Best,
Andy
"Have a great day and if it's not, change it"
fatihah97
Explorer

Hi All,

I really appreciate the explanation and information provided.

As far as I know, the Access Policy Layer and the Application Control Layer each have Accounting logging separately.

Is the total traffic byte count the same for both layers? Or what is the difference between the Accounting logs for the Access Policy Layer and the Application Control Layer?

Thank you

PhoneBoy
Admin

Accounting and Detailed/Extended log the number of bytes passed through the gateway.
We don't count the bytes twice because they're matched by different rules in different layers.
