mjovovic
Contributor

Traffic visual presentation from logs

Hello Team,

I have only one rule (accept all "clean-up") in the security policy.

We need a granular policy above the cleanup rule, and to set the cleanup action at the end to Drop.

Customer is "blind" to traffic, no requirements and specification.

Is there any way of analyzing rule logs without going manually through the logs in SmartConsole?

Any script to present traffic (IPs, ports, services,...) in HTML or similar?

 

It would save our lives 🙂

 

Thank You in advance.

 

 

0 Kudos
5 Replies
Chris_Atkinson
Employee

Such tools typically present your existing policy in a Web format.

Since yours is not yet defined, there are two options that come to mind: engage PS to assist in performing log analysis.

You might also choose to investigate NDR to help gain some valuable insights.

CCSM R77/R80/ELITE
Juan_
Collaborator

Is SmartEvent enabled? Have you tried the predefined views and reports?

You could also enable app-control and URL filtering to start getting insights above layer 4.

 

I'd also suggest, from a layer 4 perspective:

 

https://community.checkpoint.com/t5/General-Topics/Tip-of-the-Week-connstat-Utility/td-p/88570

https://community.checkpoint.com/t5/Tip-Of-The-Week/Tip-of-the-Week-Traffic-analysis-with-CPMonitor-...

 

Connstat analyses snapshots of the connections table.

And CPmonitor analyses traffic captures.


Juan

mjovovic
Contributor

Hello,

 

Smart Event is enabled. I tried with reports but it is not so relevant to catch all services in detail.

0 Kudos
Tal_Paz-Fridman
Employee

You could try to use the views generated by the Monitoring blade (it needs to be enabled).

Go to - SmartConsole > Gateways & Servers > select the relevant Security Gateway > apply Monitor 

[Image: Monitor - Top Services.jpg]
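For the original question about presenting clean-up-rule traffic as HTML, the following Python script is an added example, not from any poster in this thread or from Check Point: it groups an exported log CSV by source network, destination, protocol and service, and renders the result as an HTML table of candidate rules. The column names `src`, `dst`, `proto`, `service`, the /24 grouping and the sample rows are constructed assumptions; map them to the headers of your own export.

```python
import csv, html, io, ipaddress
from collections import Counter, defaultdict

# Constructed sample of connections accepted by the clean-up rule.
# Column names are assumptions, not a real export format.
SAMPLE = """src,dst,proto,service
10.1.1.10,10.2.0.5,tcp,443
10.1.1.11,10.2.0.5,tcp,443
10.1.1.10,10.2.0.5,tcp,443
10.1.2.20,10.2.0.9,udp,53
10.1.1.12,10.2.0.7,tcp,22
not-an-ip,10.2.0.7,tcp,22
"""

def summarize(csv_text, prefix=24):
    """Group rows by (source network, destination, proto, service)."""
    hits = Counter()
    sources = defaultdict(set)
    skipped = 0
    for row in csv.DictReader(io.StringIO(csv_text)):
        try:
            src = ipaddress.ip_address(row["src"].strip())
            dst = ipaddress.ip_address(row["dst"].strip())
            # Collapse sources to their network so one rule covers a subnet.
            net = ipaddress.ip_network(f"{src}/{prefix}", strict=False)
            key = (str(net), str(dst), row["proto"].lower(), row["service"])
        except (ValueError, KeyError, AttributeError):
            skipped += 1  # malformed row: count it, never guess
            continue
        hits[key] += 1
        sources[key].add(src)
    # Busiest flows first; last two columns are hits and distinct sources.
    rows = [(*k, n, len(sources[k])) for k, n in hits.most_common()]
    return rows, skipped

def to_html(rows):
    """Render the summary; log fields are escaped before going into HTML."""
    head = ("source net", "destination", "proto", "service",
            "hits", "distinct sources")
    out = ["<table>", "<tr>" + "".join(f"<th>{h}</th>" for h in head) + "</tr>"]
    for r in rows:
        cells = "".join(f"<td>{html.escape(str(c))}</td>" for c in r)
        out.append(f"<tr>{cells}</tr>")
    out.append("</table>")
    return "\n".join(out)

if __name__ == "__main__":
    table, bad = summarize(SAMPLE)
    print(to_html(table), f"<p>skipped rows: {bad}</p>", sep="\n")
```

Each output row is a candidate for a rule above the clean-up rule; the skipped count shows how many log rows could not be parsed and still need a manual look.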
