- Products
- Learn
- Local User Groups
- Partners
-
More
Join Us for CPX 360
23-24 February 2021
Important certificate update to CloudGuard Controller, CME,
and Azure HA Security Gateways
How to Remediate Endpoint & VPN
Issues (in versions E81.10 or earlier)
IDC Spotlight -
Uplevel The SOC
Important! R80 and R80.10
End Of Support around the corner (May 2021)
Checkpoint local user- related logs storage path
Can we configure any alert in firewall which notifies the password change related logs
Kaspars_Zibarts
you can see password changes in the messages file, for example just grep for "pass"
[Expert@fw1:0]# grep -i pass messages
User admin changing password interactively:
Jun 4 05:13:23 2018 fw1 xpand[16234]: User entry created for "admin" in the password database
Jun 4 05:13:23 2018 fw1 xpand[16234]: admin localhost p -passwd:admin:lastchg 1507809353
Jun 4 05:13:23 2018 fw1 xpand[16234]: admin localhost p +passwd:admin:lastchg 1528100003
Jun 4 05:13:23 2018 fw1 xpand[16234]: admin localhost p -passwd:admin:passwd ********************************
Jun 4 05:13:23 2018 fw1 xpand[16234]: admin localhost p +passwd:admin:passwd **********************************
where 1528100003 is the EPOC time you may convert with any tools, for example
date -d '1970-01-01 UTC + 1528100003 seconds'
Mon Jun 4 05:13:23 ART 2018
Expert password set with hash instead of interactive:
Jun 4 06:55:47 2018 fw1 clish[13821]: cmd by admin: Start executing : set expert-password-hash ... (cmd md5: ecb7a46d62f313d7f1cc2bc0dacbfbd9)
Then generating alerts would be up to you - you can write scripts, do polling etc depending on the destination of the alert
PhoneBoy
If you're wanting to get the Gaia OS logs into SmartLog so you can run SmartEvent reports, refer to: How to export syslog messages from Security Gateway on Gaia OS to a Log Server and view them in Smar...
About CheckMates
Learn Check Point
Advanced Learning
WELCOME TO THE FUTURE OF CYBER SECURITY