
Security Logs without Network Object Name

Hi All great Checkmates,

As per image above, in the log screen, instead of displaying the object name that has been declared, it is just showing the IP addresses. I can't find any setting to change or enable this.

I am using Checkpoint 1470 with R77.20.

17 Replies
Ni_c
Nickel

Re: Security Logs without Network Object Name

Database might not be installed on management server and log server once the new object is created.

0 Kudos

Re: Security Logs without Network Object Name

You have possibly turned off name resolution (ctrl-R). Also in old days (haven't checked in R80) if you had separate log server then you needed to install database to update object names presented in the tracker. But I believe smart log uses normal DNS instead. Check that those names resolve manually from log server CLI.

0 Kudos

Re: Security Logs without Network Object Name

This is a screenshot from locally managed appliance. 

Go to Device -> DNS and enable 'Resolve Network Objects'. See if that makes any difference.

0 Kudos

Re: Security Logs without Network Object Name

The screenshot is from a centrally managed appliance - as it has only the tabs Home / Device / Users / Logs available, while locally managed also shows Access Policy, Threat Prevention and VPN. Usually, this page shows no logs if there is a SMS/Logserver available. The Network Objects for the IPs have to be defined in Users & Objects and Device > Network > DNS > Resolve Network Objects enabled.

Re: Security Logs without Network Object Name

Hi Gunther,

Yes, correct, it is central managed.

Regarding the advised setting, I did try it.. but the log still cannot show the obj name.

0 Kudos

Re: Security Logs without Network Object Name

And you did define the Network Objects using the correct IP? I can not see that setting yet... Maybe you should do a reboot after changing the settings?

0 Kudos

Re: Security Logs without Network Object Name

I already defined the network obj.. but right now I'm out of office and unable to give the proof.

Unfortunately, a reboot has also been done a few times but it's still the same :(

0 Kudos

Re: Security Logs without Network Object Name

If it is centrally managed why are you looking at the logs on the device itself then? To my knowledge the object resolution is not done on the local device logs, only on the logserver.

Regards, Maarten
0 Kudos

Re: Security Logs without Network Object Name

What you are saying is correct. Actually, I got a few 1400 appliances, some running local, some running central, and the point is, all unable to show obj name. The firmware itself also has been upgraded to the latest version.

0 Kudos

Re: Security Logs without Network Object Name

So what are you actually saying? I do not think you will see resolution of objects locally on the boxes until you define these objects locally on those boxes as well.

Main question is though: why are you looking at the logs on the local devices instead of the central logs?

Why do you need to see this resolution on the local logs?

Regards, Maarten
0 Kudos

Re: Security Logs without Network Object Name

I do not think you will see resolution of objects locally on the boxes until you define these objects locally on those boxes as well.

= I did define it locally on the boxes already.

Main question is though: why are you looking at the logs on the local devices instead of the central logs?

= What do you mean by this? What I can say is, because this firewall is not managed by another management server, it's locally managed, there is no other place to see its log, right..? This firewall is not using any SmartEvent server or any syslog server.

Why do you need to see this resolution on the local logs?

= It is a separate firewall, not connecting with other Smart-1 or SmartEvent.

0 Kudos

Re: Security Logs without Network Object Name

Sounds like a real issue to me - network objects defined locally should show in logs 😞

0 Kudos

Re: Security Logs without Network Object Name

I've been working with the locally managed SMBs for a while, but from my experience, I have never seen the source column in security logs show other than the actual IP address locally on the box.

Have you consulted with TAC about it? Maybe it's not included as a feature yet. (possible RFE...)

0 Kudos

Re: Security Logs without Network Object Name

I share similar thoughts. The Resolve Network Objects option works only for direct DNS queries and only if Allow DNS server to resolve object name option is enabled for object to be resolved. That is, if you configure appliance as DNS on a host, you will be able to resolve these objects by name.

I guess this is not enabled for local logging because of performance reasons. 

I know some syslog servers can resolve IP addresses (syslog-ng for example) but never tried it. And it will require to maintain a copy of the hosts database in one more place.

0 Kudos
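
The workaround raised in the reply above (resolving addresses outside the appliance, from a separately maintained copy of the object list), as an added example that is not from the thread or from Check Point. The object names, the addresses, the key=value log layout and the function names are all constructed assumptions; the appliance's real export format is not shown on this page.

```python
import ipaddress
import re

# Constructed copy of the appliance's object table (names and addresses are made up).
OBJECTS = {
    "10.1.1.0/24": "Net_Office",
    "10.1.1.25": "Srv_Mail",
    "192.168.50.0/24": "Net_Guest",
}

# Constructed log lines in a generic key=value style (not the appliance's real format).
SAMPLE_LOGS = [
    "action=accept src=10.1.1.25 dst=203.0.113.10 service=53",
    "action=drop src=192.168.50.7 dst=10.1.1.25 service=25",
    "action=accept src=172.16.0.9 dst=10.1.1.40 service=443",
]

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def build_table(objects):
    """Parse object definitions and sort most-specific first (hosts before networks)."""
    table = [(ipaddress.ip_network(cidr, strict=False), name)
             for cidr, name in objects.items()]
    return sorted(table, key=lambda entry: entry[0].prefixlen, reverse=True)

def resolve(ip_text, table):
    """Return the name of the most specific object containing ip_text, or None."""
    try:
        addr = ipaddress.ip_address(ip_text)
    except ValueError:  # e.g. 999.1.1.1 matches the regex but is not an address
        return None
    for network, name in table:
        if addr in network:
            return name
    return None

def annotate(line, table):
    """Append the object name to each address that has one; the raw IP stays in place."""
    def repl(match):
        name = resolve(match.group(0), table)
        return f"{match.group(0)}({name})" if name else match.group(0)
    return IPV4.sub(repl, line)

if __name__ == "__main__":
    table = build_table(OBJECTS)
    for line in SAMPLE_LOGS:
        print(annotate(line, table))
```

Keeping the raw address beside the name means a stale or wrong entry in the copied object table cannot hide the real source or destination from whoever reads the log.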

Re: Security Logs without Network Object Name

Correct, logs do not show the object name in either locally or centrally managed SMB appliances.

I don't know if they should, but I have worked with more than 20 appliances since R77.20.10 and have never seen the names resolved.

Re: Security Logs without Network Object Name

I find that strange - you define network objects and servers, use them in FW rules but do not see the defined names in logs. Maybe I just remember Edge / Safe@ logs 😉

0 Kudos

Re: Security Logs without Network Object Name

Just a final statement: I am very glad that my SMS always shows logs of managed SMB appliances and logs from standAlone SMB appliances with all names displayed.