Tomer_Sole
Mentor

What are the features inside SmartConsole which contain integrated log views?


Aside from removing the need to open multiple Check Point applications, what are the other benefits that seeing logs and policies at the same time can add to the decision-making?

1 Solution

Accepted Solutions
Tomer_Sole
Mentor

R80 SmartConsole integrates SmartLog not only as a standalone view, but also inside various dialogs and "panes", in order to assist the administrator with his decision making.

We will start with the more trivial locations.

The SmartLog pane appears at the bottom of:

  • Access Control rulebases - logs for the selected rule.
  • Threat Prevention rulebases - logs for the selected rule.
  • Tooltip of any given object lets you see its logs.

tooltip-to-logs.png

  • IPS Protections view - logs for traffic through the selected protection.
  • IPS Profiles view - logs for traffic through the selected profile.

logs-per-profile.png

The query inside that pane can be modified by clicking the tiny "x" button in the filter inside the search box.

"Content Logs":

SmartLog also assists as the administrator designs new rules in the policy. When creating a new Access Control rule, the logs pane changes its query to match the logs by the new rule's content. So in the example below, as the user selects "HR Lan" for the new rule's source, the query in the logs pane now searches all the logs that matched this network in the source, possibly assisting with similar rules that intercept this traffic today. The logs become more filtered as the user continues to change the rule. This feature is called content logs.

content-logs.png

You can see content logs for existing rules by right-clicking their rule number, possibly discovering the similar rules which matched some of their traffic.

show-content-logs.png

There is also interaction from logs back to the policy. Right-clicking relevant cells in the logs can:

  • Create a host based on the returned IP address
  • Edit the host that was matched on that log
  • Jump to the matched rule, rulebase, threat prevention protection or profile.

host-from-logs.png

Read about working with the audit logs next to your security management content at "What are the features inside SmartConsole which contain integrated audit logs?"
