This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
BigHec
Contributor
‎2026-02-02 10:39 PM
Jump to solution

Logs Exporter - Will the traffic bytes value include in the logs when sending to SIEM?

Hi All,

I do have a question related to the Management Server Logs Exporter feature.

I would like to know if the "Accounting" logging did enable in the Security Policy Layer only, will the total bytes value of the connections will get included in the logs as well when sending out to our SIEM via Logs Exporter?

So that our SIEM side able to get all the information related to the total bytes used of the connections.

Thank you

0 Kudos
3 Solutions

Accepted Solutions
Vincent_Bacher
MVP Silver
MVP Silver
‎2026-02-03 12:04 AM
Jump to solution

In short: yes. 
as I have not much time please check this discussion, I guess it will help

https://community.checkpoint.com/t5/Management/Management-audit-logs-with-Log-Exporter/td-p/247807

cheers

Vince

and now to something completely different - CCVS, CCAS, CCTE, CCCS, CCSM elite

View solution in original post

0 Kudos
PhoneBoy
Admin
Admin
‎2026-02-03 11:11 AM
Jump to solution

You should get bytes for Accounting, Detailed, and Extended logs via Log Exporter.
Records are sent via Log Exporter every 10 minutes until the session is closed.

View solution in original post

0 Kudos
the_rock
MVP Diamond
MVP Diamond
‎2026-02-03 08:02 PM
Jump to solution

Yes, they would be. We get those details in our siem from the clients' logs in S1C.

Best,
Andy
"Have a great day and if its not, change it"

View solution in original post

0 Kudos
7 Replies
Vincent_Bacher
MVP Silver
MVP Silver
‎2026-02-03 12:04 AM
Jump to solution

In short: yes. 
as I have not much time please check this discussion, I guess it will help

https://community.checkpoint.com/t5/Management/Management-audit-logs-with-Log-Exporter/td-p/247807

cheers

Vince

and now to something completely different - CCVS, CCAS, CCTE, CCCS, CCSM elite
0 Kudos
PhoneBoy
Admin
Admin
‎2026-02-03 11:11 AM
Jump to solution

You should get bytes for Accounting, Detailed, and Extended logs via Log Exporter.
Records are sent via Log Exporter every 10 minutes until the session is closed.

0 Kudos
the_rock
MVP Diamond
MVP Diamond
‎2026-02-03 08:02 PM
Jump to solution

Yes, they would be. We get those details in our siem from the clients' logs in S1C.

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
BigHec
Contributor
‎2026-02-08 06:15 AM
In response to the_rock
Jump to solution

Hi @the_rock ,

As for what I know there are Accounting Logging both for Access Policy Layer & Application Control Layer separately.

Mind I ask what are the actual difference between the Accounting Logs among these two different layers? Are they the same during the the logging part or no?

Thank you

the_rock
MVP Diamond
MVP Diamond
‎2026-02-08 06:29 AM
In response to BigHec
Jump to solution

From my experience, has the same function.

https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_LoggingAndMonitoring_AdminGuide/To...

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
fatihah97
Explorer
‎2026-02-08 06:10 AM
Jump to solution

Hi All,

Really appreciate for your explanation and information provided.

Because as for what I know that the Access Policy Layer and Application Control Layer do have the Accounting Logging separately.

Does the total traffic byte get are the same among both of the layers? Or what are the different between the Accounting Logs for the Access Policy Layer and the Application Control Layer?

Thank you

0 Kudos
PhoneBoy
Admin
Admin
‎2026-02-09 03:39 PM
In response to fatihah97
Jump to solution

Accounting and Detailed/Extended log the number of bytes passed through the gateway.
We don't count the bytes twice because they're matched by different rules in different layers.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events