R&D is now involved, so i hope that a new firmware will come soon ! As this is the official syntax for the Security Logs, this should be fixed asap 😎

In 6-0002939266 R&D says SMBs don't support any keywords (i.e. Source/Destination/sport/dport) in locally managed webUI search logs. This can not be - @PhoneBoy, can you please point this out to some SMB specialists ?

R&D corrected the statement, it should be possible to use single keywords (i.e. Source/Destination/sport/dport) in locally managed webUI log search. 

And is that corrected .img file version available? In R80.20.30 (992002285) I can see that if you use something like source/destination/port ... without parameter - it works, or if you use only IP address or number of port, all that works OK. But together like source:192.168.1.1 or port:443 - that's problem and it does that error in the first post.

As i wrote above, R&D is currently working on this issue that a query for Source:192.168.1.1 will show an error. This should be fixed in a new firmware version that is, of course, not available before they have found the relevant bug that has led to my post 😎

I am seeing the exact same thing here…

when I do a search for example source:192.168.1.6

it errors out,  and it also output error in the system log the same time 

are you able to see the same? if you do a search in the security logs, then after it errors out go to system log. do you also have an error there right after?

Yes, it is that issue 😎

Guess we just have to wait in eternal patience 😞

do I need to create my own TAC case? Or are they usually quick to roll out fixes?(still new in the checkpoint world)

R & D are currently testing a fix for this issue, stay tuned ! 😎

Fingers crossed. Saw the issue again today when deleting a nat rule “web server error” 

So something is definitely wrong.. 

You did not see "THE" issue anywhere. Deleting a NAT Rule has nothing to do with searching Security Logs - our web server error is a generic error (WebGUI talking to database and communication does not work), so you have to look into System Logs to differentiate the causes.

Sharing is caring.. thank you I’ll create my own TAC..

TAC wrote: the fix is now in the jumbo so I will issue an SK for it and support will be able to provide the jumbo to any customer who complains about it. It will of course also be included in the next GA but R80.20.30 GA was released not too long ago.

The sk175063 should be available in a few days, but you can just ask TAC for R80.20.30 (992002339) firmware...

SK is ready as sk175063: System error while searching on Quantum Spark Appliance with simple syntax on version R80....

But beware - there is an issue with WebGUI singleIP network objects accepting only IP and name, but no MAC address when creating or editing them. R&D is already involved. Should still work from CLI, though...

Fixed firmware R80.20.30 (992002348) is currently tested...

Im seeing the logs working now.

But as you said earlier regarding creating objects.. could it be that it impacts the ability to Create DHCP reservation too. since that's a step involved/possible when creating single ip objects?

You will always have CLI as a fallback ! The bug impacts the abillity to define a fixed object IP per MAC address in WebGUI (and adds a new object "device" - not mobile device - that only has a name and MAC...).