This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Justin_Hickey
Collaborator
‎2018-04-25 10:15 AM

To Log on Not To Log - that is the question

i have a rather large access policy and i assume we all do and my philosophy for a long time has been 'Log it all, let the report server sort it out'. The space and processing power needed to do this has grown to an gargantuan level and my manager is giving me the stink eye whenever I asked him for more money for an even larger server. 

I want to be able to run reports nimbly, mostly on what users and internal workstations are up to on the Internet. I also want to get any and all threat data. I dont know if I really care that a web server in the dmz has replicated with the database server for the 17,028th time today. 

So the question is, what is your criteria to log an access policy AND has not logging your more mundane policies ever come back to haunt you? Im assuming when a situations arises I can enable logs for that section and troubleshoot live. Any and all feedback is appreciated. 

Thanks, 

Justin

1 Reply
JozkoMrkvicka
Authority
Authority
‎2018-07-24 01:36 PM

Hi, 

We are not logging for example NTP traffic, stealth rule and some other services which are running every second.

Or "log them all" and extend your disk space on log servers

Kind regards,
Jozko Mrkvicka
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events