This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
asher
Contributor
‎2021-01-26 07:30 AM
Jump to solution

check if host access Internet last 30 days automation

Hello

 

we upgrade Management to R80.40 ( smart1 appliances) 

we have also dedicated appliance for LOG SERVER. we have Mounty Phyton script that use API

for list Host and ip object that member in Network group with access to internet. the groups has a Tags , and with api we get all members on each TAGED group,

we want to add also option that look for last time each object is access to internet ( should be traffic to specific PROXY ip address )

its possible ?

the api version is 1.6.1 

in other words i need find way to query last 30 days that each object made traffic with 8080 to PROXY ip address with accepted action

0 Kudos
1 Solution

Accepted Solutions
Maik
Advisor
‎2021-01-26 11:25 PM
In response to asher
Jump to solution

You could try to accomplish something with third party tools and the log exporter

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

However, for your use-case the api should be the way to go. As far as I understand you are able to filter with the "filter" argument...

grafik.png

In fact it seems to be exactly the same filters that you use when you access your logs via the SmartConsole logging section.

Unfortunately I am not able to test this as I do not have a matching R80.40 or R81 deployment.

View solution in original post

0 Kudos
4 Replies
Maik
Advisor
‎2021-01-26 09:25 AM
Jump to solution

Hey,

I did not use this feature yet, however with api version 1.6.1 which got introduced with R80.40 JHF Take 78 you are actually able to use the mgmt api in order to search for log entries.

As far as I understand the documentation it should be possible to achieve exactly what you want with this feature:

https://sc1.checkpoint.com/documents/latest/APIs/#cli/show-logs~v1.6.1%20

[Of course you need to enable logging in the rules for the respective traffic]

Regards,

Maik

0 Kudos
asher
Contributor
‎2021-01-26 11:07 PM
In response to Maik
Jump to solution

I read that documentation but there is no filter by source ip and Destination ip 

if there is other idea also without API ?

0 Kudos
Maik
Advisor
‎2021-01-26 11:25 PM
In response to asher
Jump to solution

You could try to accomplish something with third party tools and the log exporter

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

However, for your use-case the api should be the way to go. As far as I understand you are able to filter with the "filter" argument...

grafik.png

In fact it seems to be exactly the same filters that you use when you access your logs via the SmartConsole logging section.

Unfortunately I am not able to test this as I do not have a matching R80.40 or R81 deployment.

0 Kudos
asher
Contributor
‎2021-01-27 12:02 AM
In response to Maik
Jump to solution

yes its correct the filter is same as search on console, its not explained on the KB

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events