VAIBHAV70709
Participant

Check Point firewall audit for configuration change

Hi,
How do I audit firewall configuration changes done through the CLI or GUI?
Suppose a firewall engineer performs changes; I would like to know who logged in to the firewall and what changes have been done.


Regards,
Vaibhav

0 Kudos
1 Solution

Accepted Solutions
Yatiraj_Panchal
Contributor

Hi, 

 

You have to enable audit logs in the WebUI to send them to the management server; please check the attached snip.

You can check audit logs in SmartConsole --> Logs & Monitor --> New Tab --> Click on Audit Logs.

 

 

 


9 Replies
Chris_Atkinson
Employee

 

This would be your first port of call: Logs & Monitor > New Tab > Audit...


GUI being SmartDashboard vs Web UI?

CCSM R77/R80/ELITE
Maarten_Sjouw
Champion
This log is just for changes made in the SmartConsole; nothing done on GAIA will be recorded here.
Normally commands in clish are recorded in the messages file; I don't know about the WebUI.
When you use a TACACS server, though, this will record the actions done per user per system; sorry, I do not know to what level.
Regards, Maarten
VAIBHAV70709
Participant

Hi Maarten,

Thanks for the response.

Correct, from SmartConsole we can see only firewall rule changes and admin operations in SmartConsole.

I am more interested in finding out changes done on GAIA from the CLI or WEBGUI.

Regards,

Vaibhav

 

0 Kudos
_Val_
Admin

By default, OS audit logs are sent to /var/log/messages.

You can also redirect Gaia logging to another file, as described here: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

0 Kudos
VAIBHAV70709
Participant
Thanks very much !!
0 Kudos

VAIBHAV70709
Participant
Thanks Yatiraj, I will try this now.
0 Kudos
VAIBHAV70709
Participant

Hi,

I have enabled audit logs on the WebUI and it's working as expected. Thanks very much!!

 

0 Kudos
shiv_poch
Explorer

Hi Yatiraj,

We have the same issue. We can't see the audit logs in Smart Console from the gateways.

We already implemented the recommended config, but we still don't see the audit logs from the gateways in the Smart Console audit logs tab.

Do we need to do any more steps to make this work?

From gateway: System Management > System Logging > Send audit logs to management server upon successful configuration is ticked

Hoping for anyone's help.

Thanks.

 

0 Kudos
