cezar_varlan1
Collaborator

Log Actions - Explanation

Does anyone have a better reference or does anyone have the knowledge to explain what the various actions in the log_action field actually mean? Also what blade generated it and what is the expected outcome?

For example, Drop is generated by Firewall - and the session is finished with a silent drop [timeout].

action | Action | int | Action of matched rule
Possible values:
0 - Drop
1 - Reject
2 - Accept
3 - Encrypt
4 - Decrypt
17 - Authorize
18 - Deauthorize
30 - Bypass
33 - Block
34 - Detect
39 - Do not send
43 - Allow
46 - Ask User
61 - Extract

Note: This field is not mandatory to every log

Reference: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

G_W_Albrecht
Legend

sk122323: Log Exporter - Check Point Log Export

CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
cezar_varlan1
Collaborator

Got myself caught up in a cycling reference back to my own SK - 

@G_W_Albrecht that article is not what I am asking. I do know how to extract the blade in the logs. But this implies the log happened; I am trying to create a dictionary and attach this to a Splunk dashboard that I will publish to the rest of the IT organization so people can do a self-service lookup instead of a specific search in firewall logs.

G_W_Albrecht
Legend

Good luck with your work!

CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist