Solved: Re: Security logs rule_action maning

gcarella · ‎2022-05-19

Hi all,

I'm analyzing a security logs that has fields action="accept" and rule_action="2".

What does it mean ruel_action field?

From official documentation rule_action is the "Action of the matched rule in the access policy".

Description of Fields in Check Point Logs

Anyone has an idea?

Thank you.

Gianluigi

Chris_Atkinson · ‎2022-05-19

Action of matched rule
Possible values:
0 - Drop
1 - Reject
2 - Accept
3 - Encrypt
4 - Decrypt
17 - Authorize
18 - Deauthorize
30 - Bypass
33 - Block
34 - Detect
39 - Do not send
43 - Allow
46 - Ask User
61 - Extract

CCSM R77/R80/ELITE

View solution in original post

Chris_Atkinson · ‎2022-05-19

Action of matched rule
Possible values:
0 - Drop
1 - Reject
2 - Accept
3 - Encrypt
4 - Decrypt
17 - Authorize
18 - Deauthorize
30 - Bypass
33 - Block
34 - Detect
39 - Do not send
43 - Allow
46 - Ask User
61 - Extract

CCSM R77/R80/ELITE

gcarella · ‎2022-05-19

Thank you Chris.

the_rock · ‎2022-05-19

Just curious, is there a document showing that anywhere?

Are you a member of CheckMates?

Security logs rule_action maning