This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
sandeepsutar
Participant
‎2025-10-26 11:19 PM

Reports generation for older logs

Hello Experts,

I have enabled the SmartEvent and Correlation blades today. However, my requirement is to generate a report for the last week.

All logs (for the past 90 days) and indexed logs are available on the same management server — this is also where the SmartEvent blade is enabled. The management server collects logs from all remote-location firewalls.

Currently, when I generate a report, it only shows data from today.

Is there anything else I need to configure or perform (such as reprocessing logs) to include data from the previous week in the report?

The goal is to generate a 1-week report for a specific remote location.

Regards,

0 Kudos
7 Replies
Chris_Atkinson
MVP Platinum CHKP MVP Platinum CHKP
MVP Platinum CHKP
‎2025-10-27 01:42 AM

Please review the available knowledge articles such as sk111766.

CCSM R77/R80/ELITE
0 Kudos
the_rock
MVP Platinum
MVP Platinum
‎2025-10-27 04:05 AM

I have dedicated smart event in R82 lab. Is this for specific blade you are trying to do? I can easily try see if I can make it work.

Best,
Andy
0 Kudos
PhoneBoy
Admin
Admin
‎2025-10-27 06:03 PM

Check on your management object if this setting is enabled:

image.png

If it was not enabled by default, you probably did not install enough RAM in your management/SmartEvent system.
At least 8GB is needed for a small lab (much more for production).

If this setting is disabled, you will only be able to work with one log at a time, which covers at most a 24 hour period (starting at midnight).

0 Kudos
Blason_R
MVP Gold
MVP Gold
‎2025-10-28 12:32 AM

I guess he is mentioning about a report for specific firewall? Is that so? else creating a report is pretty simpler and straight forward task

Thanks and Regards,
Blason R
CCSA,CCSE,CCCS
0 Kudos
Amir_Senn
MVP Silver CHKP MVP Silver CHKP
MVP Silver CHKP
‎2025-10-28 10:06 AM

Log indexing for "regular" log use and Indexing for SmartEvent is not the same.

SmartEvent indexing is heavier and more resource consuming. In order to produce SmartEvent reports, those will need to be indexed again.

Kind regards, Amir Senn
0 Kudos
sandeepsutar
Participant
‎2025-10-28 10:49 PM
In response to Amir_Senn

Hello,

I followed SK111766 on October 28th at 10 AM and reindexed the logs for the last 14 days, but unfortunately, there’s still no success.

When I check the $RTDIR/log_indexes directory, it only shows entries starting from smartevent_2025-10-25T12-00-00 — which corresponds to the date when the SmartEvent blade was enabled.

It appears that the reindexing process did not generate the SmartEvent index files for the earlier dates.
Is there any way to generate these indexes manually?

Note: The objective is to generate a 1-week report (October 19th–24th) for a specific remote location.

Regards,

 

0 Kudos
emmap
MVP Gold CHKP MVP Gold CHKP
MVP Gold CHKP
‎2025-10-28 11:23 PM
In response to sandeepsutar

From what you've said it sounds like you enabled the blades on the existing management server that has already indexed the log files before SME was enabled. As it says in the SK, "The solution procedure below will not work properly if the files that need to be re-indexed are already listed as indexed."

You will need to follow the linked SK to reindex the log files you wish to run reports on, from before you enabled SmartEvent. Anything since the enabling is fine and does not need to be reindexed.

https://support.checkpoint.com/results/sk/sk164553

 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events