This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
jberg712
Contributor
‎2022-06-23 06:48 AM

Searching for logs by country

Hi,

I'm trying to do some queries on the traffic to outbound to other countries.  I can't seem to do a query string that would show traffic by country.  Actually what i'm trying to do is look at the traffic that's NOT in the US.  We're looking at enhancing our GeoProtect policy, but i'm not able to figure out how to do so.  

One thing i've done is turned on Debug for SmartLog and I can see all the fields in the xml format and the dst_country is always coming up as "other".  Is this an issue or this something that can be fixed so this field can be used in searches?  Or is there a better way to search for traffic going to other countries and omit the ones I don't want to see?

Jonathan

0 Kudos
3 Replies
PhoneBoy
Admin
Admin
‎2022-06-23 06:55 AM

We don’t log the actual country, if I recall.
What you see in SmartView is generated from a local IP to Country mapping.

Your best bet is to create an ordered layer that will generate a log if not in the US (or whatever countries you wish to exclude).
It should be after all your other layers. 
You can then see what log entries match that rule.

0 Kudos
jberg712
Contributor
‎2022-06-23 07:44 AM

So then would I need to know the IP range for the US and omit that in the destination?  or rather put that and do a negate cell to omit it?

0 Kudos
Sorin_Gogean
Advisor
‎2022-06-23 07:57 AM

You can search the logs based on country like in the screenshots:

Untitled.pngUntitled.png

 

 

0 Kudos