This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
gironer
Explorer
‎2023-07-05 06:48 AM

Missed "Connection" Logs data in Reports/View

When creating Reports/Views and doing some filtering we have noticed that when comes to Log Type "Connection" even though they are for sure visible in the Smart Console Logs, they are not reflected in the reports. 

For the case in particular we noticed that when comes to filters logs  (packet drops) by "first packet isn't syn"  on an report we got not date found. We know for sure logs are there even though but for some reason cannot be retrieved to the reports/views.  

We are aware that this also happens to the Log Type=Session, and this get solved by enabling on the firewall rules tracking "Per Session".  Would it be possible that the same can be done for the  Log type "Connection". All the logs we have for as first packet isn't syn"  are "Connection" log type, which of course explain the lack of data in the reports/views.

0 Kudos
1 Reply
PhoneBoy
Admin
Admin
‎2023-07-05 08:17 AM

Explicit configuration is required to use Connection logs in SmartEvent reports as these are not indexed by default.
See: https://support.checkpoint.com/results/sk/sk150452 
Depending on the volume of logs involved, this can cause additional load. 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events