This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Robert_Mueller
Collaborator
‎2018-08-06 06:18 AM

R80.10 SmartEvent/Views - Blades missing

Hi,

I've successsfully installed a R80.10 SmartEVent Server in dne MDM and it receives the LOGs but inthe views I can only see events from the FW blade.. not from ThreatPrevention or IPS.. is there somewhere a filter, which I haven't seen?

Edit: All Log Events (IPS; Threat Prevention, Anti-Malware....) are in the LOG of the SmartEvent Server

General View - Only Logs from FW Blade

LOG View - Entries from all blades are on the SME Server:

Br

Robert

6 Replies
Robert_Mueller
Collaborator
‎2018-08-08 10:52 AM

Hi - Nobody an idea what's wrong with my SmartEvent/SmartView Server??

0 Kudos
Maarten_Sjouw
Champion
Champion
‎2018-08-08 11:14 AM

If you are configuring a SE server for a Multi Domain environment (MDM), you need to go to a new tab and then in the bottom left open the SmartEvent legacy application to configure the Domains it will accept and also add those to the correlation unit to have it correlate events.

Regards, Maarten
Kfir_Dadosh
Collaborator
‎2018-08-08 12:00 PM

When querying for logs, regardless on what machine you're on, query goes to the log servers.

When running views and reports, queries are running against the SmartEvent server.

In order to make sure logs really got to the SmartEvent Server, open a view, and drill down by double clicking one of the widgets.

You should see the logs (if you get a view, drill down further), but you should notice also a "Session Only" tag.

This tells the SmartLog to look for logs on the SmartEvent machine.

Now you can clear the "drill down" filter, keeping the "Session Only" tag, and run custom query to see what really are the logs that indexed in SmartEvent.

Robert_Mueller
Collaborator
‎2018-08-09 12:53 AM
In response to Kfir_Dadosh

Hi - Thanks for your answer - it seems that the SME only receives FW Events.. but what have I to do to receive all events from all blades?? Sorry for the rookie question but IÄm new to R80.10 SME Smiley Happy

Robert

Robert_Mueller
Collaborator
‎2018-08-10 03:32 AM
In response to Kfir_Dadosh

The problem is also with the OPSEC Receiver (Splunk) it receives FW Logs but no others... what have I to change that all other logs will be transmitted (as it was in R77.30)...

0 Kudos
Robert_Mueller
Collaborator
‎2018-10-04 05:04 AM

Well.. the problem is solve... after installing "JHF 151" everything works fine.. and noone knows "why"..

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events