This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
okatsladz454
Participant
‎2024-05-17 08:49 AM
Jump to solution

The src_country and dst_country fields

Good afternoon.

In the Threat Prevention logs fields of the demo stand (the one that can be opened when opening Smartconsole) I see two specific fields:

1. Source Country
2. Destination Country

Which display the source/destination country of the IP address, respectively. (screenshoot demo.png)

 

However, I do not see these fields on my stand, there is no display in the traffic section. (screenshoot mine.png)

Please tell me how to enable the display of data from two fields in smartlog and is it possible to export this through cp log exporter on log collector?

Preview file
154 KB
Preview file
159 KB
0 Kudos
1 Solution

Accepted Solutions
Duane_Toler
Advisor
‎2024-05-18 06:43 PM
In response to okatsladz454
Jump to solution

The IP2Country mapping happens on the gateway.  The association between countries and flags happens on the management.

 

Check SK92823 to update the GeoIP info manually.  Be sure to install policy afterwards... just in case.If this doesn't help, then a call to TAC may be your next best thing.  There are a few odd complexities that can be involved, including the AutoUpdater service not functioning correctly. Although, it could be as simple as a policy error, too.

 

I can't remember for certain if you'll need to have the Geo Protection policy enabled, but I'm mostly certain you do.  I have one enabled on all of my customers, and theirs works; but causation != causality, tho.

 

View solution in original post

(1)
12 Replies
Duane_Toler
Advisor
‎2024-05-17 09:29 AM
Jump to solution

Make sure the ip2country download and mapping is taking place correctly. 

https://support.checkpoint.com/results/sk/sk120261

https://support.checkpoint.com/results/sk/sk79360

https://support.checkpoint.com/results/sk/sk94364

Be sure to verify your software subscription and license contracts are in order so that the automatic download can take place correctly.

okatsladz454
Participant
‎2024-05-18 11:42 AM
In response to Duane_Toler
Jump to solution

Good weekend, thanks for your help. 

 

Don t see this file on GW at all, should i add it or check the SMS too?

 

 

 

Preview file
19 KB
0 Kudos
Duane_Toler
Advisor
‎2024-05-18 06:43 PM
In response to okatsladz454
Jump to solution

The IP2Country mapping happens on the gateway.  The association between countries and flags happens on the management.

 

Check SK92823 to update the GeoIP info manually.  Be sure to install policy afterwards... just in case.If this doesn't help, then a call to TAC may be your next best thing.  There are a few odd complexities that can be involved, including the AutoUpdater service not functioning correctly. Although, it could be as simple as a policy error, too.

 

I can't remember for certain if you'll need to have the Geo Protection policy enabled, but I'm mostly certain you do.  I have one enabled on all of my customers, and theirs works; but causation != causality, tho.

 

(1)
okatsladz454
Participant
‎2024-05-20 12:44 AM
In response to Duane_Toler
Jump to solution

Good morning. 

 

It had no effect on logs, still i don t see source and destination country fields: 

 

 

version 81.20 last take

 

 

 

Preview file
32 KB
Preview file
60 KB
0 Kudos
okatsladz454
Participant
‎2024-05-20 12:54 AM
In response to Duane_Toler
Jump to solution

IT probably help me 

I see the fiels at my syslogserver 

Thank you very much! 

 

 

 

Preview file
22 KB
the_rock
Legend
Legend
‎2024-05-20 01:05 AM
In response to okatsladz454
Jump to solution

Good job!

0 Kudos
Duane_Toler
Advisor
‎2024-05-20 07:15 AM
In response to okatsladz454
Jump to solution

Excellent!  Just to be certain, did you enable to Geo Protection policy as well?  Or just update ip2country info from the SK article?

0 Kudos
the_rock
Legend
Legend
‎2024-05-17 07:07 PM
Jump to solution

Agree with @Duane_Toler 

0 Kudos
the_rock
Legend
Legend
‎2024-05-17 07:12 PM
Jump to solution

Are you able to search by say basic filter src_country:CN for China, as an example.

Andy

0 Kudos
okatsladz454
Participant
‎2024-05-18 11:36 AM
In response to the_rock
Jump to solution

Good evening.

Nope. Tried to use the:

1) src_country:CN 

2)src_country:China

3)src_country:china

4) src_country:People's Republic of China

and other options 

 

but still nothing 

 

1.jpg

2.jpg

 

0 Kudos
the_rock
Legend
Legend
‎2024-05-18 01:35 PM
In response to okatsladz454
Jump to solution

Does it work for any other country?

Andy

0 Kudos
okatsladz454
Participant
‎2024-05-20 12:46 AM
In response to the_rock
Jump to solution

Good morning. 

No, it doesn t work for other country:

 

 

 

Preview file
71 KB
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events