Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Mahadevan
Contributor

SmartDefense Alert log having NULL in Action Field

Hello All, 

Could please anyone let us know why we are getting NULL as action field in Smart Defense Alert logs. 

- [alert:""; flags:"286784"; ifdir:"inbound";....... 

Will Alert logs of SmartDefense not have value in Action field? 

Also we do see Accept, Drop and Prevent logs in action just the Alert logs are coming as empty in Action field. 

Your assist will be of great help to us. 

Thanks 
Muthu Mahadevan 

0 Kudos
3 Replies
PhoneBoy
Admin
Admin

What version/JHF?
Can you provide a full log card for the relevant entry in SmartView? (Redact sensitive details)

Mahadevan
Contributor

Hello, 

Thanks for your response. Below is our log for SmartDefense Alert log. 

- [alert:""; flags:"286784"; ifdir:"inbound"; loguid:"{0x886d04f8,0x275c7b0c,0x370475f0,0x77efba26}"; origin:"x.x.x.x"; originsicname:"cn=cp_mgmt,o=CHKP_R81..b792qm"; sequencenum:"11"; time:"1677752746"; version:"5"; attack_info:"SYN Defender: New config has been loaded: Disabled"; confidence_level:"5"; industry_reference:"CVE-2002-1433, CVE-1999-0116, CA-1996-21"; performance_impact:"5"; product:"SmartDefense"; protection_id:"SynAttackConfiguration"; protection_name:"SYN Attack"; protection_type:"protection"; severity:"3"; smartdefense_profile:"No_protection_5c852822be90f306"; syn_defender:"SYN Defender: New config has been loaded: Disabled"]

Could you please also let me know if all the alert logs will have Field value as Null for Action

or will some Alert logs in SmartDefense will have value to the field - alert:"" ? 

Your assist will be of great help to us. We are using Version R81 

Thanks 
Muthu Mahadevan 

0 Kudos
PhoneBoy
Admin
Admin

The Action field is likely null because this log was not in regards to a specific flow.

For information about the various fields and expected values, see: https://support.checkpoint.com/results/sk/sk144192

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events