- CheckMates
- :
- Products
- :
- Quantum
- :
- Management
- :
- Re: Reports Base on User Groups
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Reports Base on User Groups
I'm trying to create a simple report for VPN user log in activity based on User Groups.
I'd like the report to be filtered on "User Group" > "Equals" > whatever.....
It isn't working.
When I add the User Group column to my report and filter on my username instead, I get a report but the User Group column is empty which explains why the report I want doesn't work.
Anyone know why User Group is empty in the report? The user shown in the report is a Check Point user, and is in multiple User Groups...
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
If you pull up the individual log entry, do the groups show there?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yep. That username is in 3 groups, and all 3 groups show on the log card for the "Log In" event. So the data is there but the Reports aren't populating it 🙄
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
What kind of group is it?
One of the legacy ones or an Access Role?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This is all legacy users and groups.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@biskit , did you find a solution ? I have the same issue with SmartView. I can see those groups in SmartConsole but not with SmartView.
Thanks !
Regards,
Alain
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
I tried to use the column in SmartView and I got answers (for both statistical and logs tables). Also worked as a filter.
So at this point I have a few ideas about this:
1. We have a few views that were made in the following link, perhaps one of those suits for you https://community.checkpoint.com/t5/SmartEvent/bd-p/SmartEvent
2. Please check that the relevant user group appears in the logs you filtered. Best way it to start drill down until you get the actual logs.
3. If information appears on VPN logs, might be the field is not indexed for SmartView. Perhaps creating an event based on this logs (via correlation unit/SmartEvent) we can take the relevant information from the correlated log instead of the VPN.
4. My test logs are IDA based, FYI.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks @Amir_Senn for your response. Unfortunately, views you provided don't suit my needs. What I'm trying to do is exporting all AD groups still used for VPN authentication. I can only do that in SmartView. The issue is that User Group column is empty in SmartView but I do see data in SmartConsole. When I click on individual logs, I see those groups in logs details (see screenshots enclosed). What could be wrong ?
Thanks in advance for your help.
Regards,
Alain Ikula
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
In the table settings, click on the object and try to check this box:
Another possibility is that you're filtering too much logs. Try to apply the same filter from SmartView to logs view and see that the filter brings desired logs.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Which table are you talking about ? I'm using exactly the same filter in SmartConsole as in Web SmartView. Here's the filter:
(((action:"Log In")) AND (product:"Mobile Access")) AND (NOT action:"Failed Log In").
Thanks !
Regards,
Alain
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I meant comparing between SmartView (not webapp but views and reports tool) and logs view (no difference between webapp and SmartConsole).
This is how to edit the table in SmartView:
1. Open view in edit mode
2. Click on the wheel in the corner (highlighted)
3. Select the desired field (User Group)
4. Uncheck the "Show results with empty value".
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks @Amir_Senn . As User Group is also empty in Smartview (view s tool in SmartConsole, see enclosed), I have no data when I uncheck "Show results with empty value". So, this values seem to disappear between logs in SmartConsole and SmartView (whether views tool in SmartConsole or SmartView WebApp). Do you know why ?
Thanks again for your support.
Regards,
Alain
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Then my next steps will be:
a. Version/JHF upgrade/update to see if issue was already solved
b. TAC support
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
use Web SmartView (https://xxx.xxx.xxx.xxx/smartview) with filter "Log In". With that, you can export all relevant logs and User Groups will be exported.
I never used SmartConsole SmartView tab for exporting, since you can export only logs which you see on screen. Anyway, there is some bug over there with showing User Groups in SmartConsole summary logs.
Jozko Mrkvicka
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This is exactly what I'm doing, as it's not possible to export logs to csv from SmartConsole (see enclosed).
Thanks !
Regards,
Alain IKULA
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
forgot to mention that within Web SmartView, you have to export ALL collumns, NOT the visible ones.
If you do export of all collumns, User Groups will be in csv.
Jozko Mrkvicka