Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
biskit
Advisor

Reports Base on User Groups

I'm trying to create a simple report for VPN user log in activity based on User Groups.

I'd like the report to be filtered on "User Group" > "Equals" > whatever.....

It isn't working.

When I add the User Group column to my report and filter on my username instead, I get a report but the User Group column is empty which explains why the report I want doesn't work.  

Anyone know why User Group is empty in the report?  The user shown in the report is a Check Point user, and is in multiple User Groups...

Capture.PNG

0 Kudos
15 Replies
PhoneBoy
Admin
Admin

If you pull up the individual log entry, do the groups show there?

0 Kudos
biskit
Advisor

Yep.  That username is in 3 groups, and all 3 groups show on the log card for the "Log In" event.  So the data is there but the Reports aren't populating it 🙄

0 Kudos
PhoneBoy
Admin
Admin

What kind of group is it?
One of the legacy ones or an Access Role?

0 Kudos
biskit
Advisor

This is all legacy users and groups.

0 Kudos
Leader_Kiongi
Contributor

@biskit , did you find a solution ? I have the same issue with SmartView. I can see those groups in SmartConsole but not with SmartView. 

 

Thanks !

Regards,

Alain

0 Kudos
Amir_Senn
Employee
Employee

Hi,

I tried to use the column in SmartView and I got answers (for both statistical and logs tables). Also worked as a filter.

So at this point I have a few ideas about this:

1. We have a few views that were made in the following link, perhaps one of those suits for you https://community.checkpoint.com/t5/SmartEvent/bd-p/SmartEvent

2. Please check that the relevant user group appears in the logs you filtered. Best way it to start drill down until you get the actual logs.

3. If information appears on VPN logs, might be the field is not indexed for SmartView. Perhaps creating an event based on this logs (via correlation unit/SmartEvent) we can take the relevant information from the correlated log instead of the VPN.

4. My test logs are IDA based, FYI.

Capture2.PNGCapture3.PNG

Kind regards, Amir Senn
0 Kudos
Leader_Kiongi
Contributor

Thanks @Amir_Senn  for your response. Unfortunately, views you provided don't suit my needs. What I'm trying to do is exporting all AD groups still used for VPN authentication. I can only do that in SmartView. The issue is that  User Group column is empty in SmartView but I do see data in SmartConsole. When I click on individual logs, I see those groups in logs details (see screenshots enclosed). What could be wrong ?

 

Thanks in advance for your help.

 

Regards,

Alain Ikula

0 Kudos
Amir_Senn
Employee
Employee

In the table settings, click on the object and try to check this box: Capture3.PNG

Another possibility is that you're filtering too much logs. Try to apply the same filter from SmartView to logs view and see that the filter brings desired logs.

Kind regards, Amir Senn
0 Kudos
Leader_Kiongi
Contributor

Which table are you talking about ? I'm using exactly the same filter in SmartConsole as in Web SmartView. Here's the filter: 

(((action:"Log In")) AND (product:"Mobile Access")) AND (NOT action:"Failed Log In").

 

Thanks !

 

Regards,

Alain

0 Kudos
Amir_Senn
Employee
Employee

I meant comparing between SmartView (not webapp but views and reports tool) and logs view (no difference between webapp and SmartConsole).

This is how to edit the table in SmartView:

1. Open view in edit mode

2. Click on the wheel in the corner (highlighted)

3. Select the desired field (User Group)

4. Uncheck the "Show results with empty value".

Capture3.PNG

Kind regards, Amir Senn
0 Kudos
Leader_Kiongi
Contributor

Thanks @Amir_Senn . As User Group is also empty in Smartview (view s tool in SmartConsole, see enclosed), I have no data when I uncheck "Show results with empty value". So, this values seem to disappear between logs in SmartConsole and SmartView (whether views tool in SmartConsole or SmartView WebApp). Do you know why ?

 

Thanks again for your support.

 

Regards,

 

Alain 

0 Kudos
Amir_Senn
Employee
Employee

Then my next steps will be:

a. Version/JHF upgrade/update to see if issue was already solved

b. TAC support

Kind regards, Amir Senn
0 Kudos
JozkoMrkvicka
Mentor
Mentor

use Web SmartView (https://xxx.xxx.xxx.xxx/smartview) with filter "Log In". With that, you can export all relevant logs and User Groups will be exported.

I never used SmartConsole SmartView tab for exporting, since you can export only logs which you see on screen. Anyway, there is some bug over there with showing User Groups in SmartConsole summary logs.

Kind regards,
Jozko Mrkvicka
0 Kudos
Leader_Kiongi
Contributor

This is exactly what I'm doing, as it's not possible to export logs to csv from SmartConsole (see enclosed).

 

Thanks !

Regards,

Alain IKULA

JozkoMrkvicka
Mentor
Mentor

forgot to mention that within Web SmartView, you have to export ALL collumns, NOT the visible ones.

If you do export of all collumns, User Groups will be in csv.

Kind regards,
Jozko Mrkvicka
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events