Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Young_Wook_Choi
Contributor
Jump to solution

[Issue] R80.10 SmartConsole: Export Logs to CSV

Hi,

In SmartConsole, I want to export logs to CSV for some period. (For example, 30 days)

I applied the filter(30 days) and export it to a CSV file.

However, the log of 30 days was not exported and only a part was exported.

1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin

It will only export the records currently visible.

This is a known limitation that I believe is planned to be addressed in future releases.

SmartView (available at https://management-ip/smartview) will export up to a million records if I recall.

View solution in original post

31 Replies
PhoneBoy
Admin
Admin

It will only export the records currently visible.

This is a known limitation that I believe is planned to be addressed in future releases.

SmartView (available at https://management-ip/smartview) will export up to a million records if I recall.

Young_Wook_Choi
Contributor

Thanks for your update. 

When will this limitation be resolved? Will it be resolved in the next version? (Such as R80.20 or R80.30)

Kfir_Dadosh
Collaborator

Sure, it is in our roadmap and will be added in future versions.

PhoneBoy
Admin
Admin

Exact release target has not been finalized.

0 Kudos
Stuart_Street
Participant

I would like to export firewall logs, the Web based SmartView (available at https://management-ip/smartview) does not show the access rule name or number. Is there a way to add these?

0 Kudos
PhoneBoy
Admin
Admin

As far as I know there is not, at least in the Log view.

In the reports view, it's possible to create a report that includes the Rule Name.

For me, at least, was not showing the Rule Name.

it, it 

Stuart_Street
Participant

Thanks Dameon,

Is Reports view something that needs to be enabled? I seem to only have "Open Log View" and "Open Audit Log View".

0 Kudos
PhoneBoy
Admin
Admin

Click on the plus (far right tab).

From here, you can create a New View:

Specify category Access Control:

Then you can add a widget using the screenshot I showed earlier.

Vladimir
Champion
Champion

I believe this requires SmartEvent blade and license to function as depicted, else you'll see only the Log View and Audit Log View options.

Can you tell me what befell those who had SmartReporter licence and blade active in R77 after upgrade to R80.10?

0 Kudos
PhoneBoy
Admin
Admin

SmartReporter doesn't exist in R80+.

If you only have a license for this and you haven't yet traded in for SmartEvent, you will need to work with your Check Point rep/partner to trade in for a SmartEvent license. 

0 Kudos
Tomer_Sole
Mentor
Mentor

no need for SmartEvent license to export logs.

Jimmy_Mehta
Participant
how to export those files from management server
0 Kudos
quanglnh
Participant

Hi, Phone Boy,

 

How about this issue now ? Does it resolve ?

Thanks!

0 Kudos
PhoneBoy
Admin
Admin
I'm not sure what you're asking about.
Please create a new thread that fully states what you have a question about, relevant versions, screenshots, etc.
0 Kudos
quanglnh
Participant
Sorry PhoneBoy,
I just mean about the limit of SmartConsole when export log, it only can export visible logs. Now, in R80.30 i still see the same. Thanks!
0 Kudos
Amir_Senn
Employee
Employee

Hi,

From R80.20 and above you can export up to a 1 million logs. You can do it using the SmartView webapp.

From any server with a logging module (SMS/MDS, Log Server, SmartEvent) just surf to https://<server-IP>/smartview

Log in with same credentials. Go to the logs view -> Options -> Export -> Export to Excel.

 

Kind regards, Amir Senn
0 Kudos
prisciltetchou
Contributor

Hello PhoneBoy; 

We have a MDS, MDL in R80.30 with HF T237.  We cannot have more than 10k of logs in SmartView. 

Any idea, please? 

0 Kudos
PhoneBoy
Admin
Admin

Not sure I follow.
You mean you can’t export more than 10k logs to CSV (the subject of this thread) or you can’t view more than 10k of logs?
Regardless, this will probably require a TAC case.

0 Kudos
prisciltetchou
Contributor

Hello PhoneBoy, 

Both, I have done a query to have logs for 30days, normally I should have more than 10k logs but smartview shows not more than 10K and when I export, the CSV contains only the logs that I saw in smartview (not more than 10k logs).  

Before I install the HF, we could get up to 1M logs in excel file. Now the only option of export log format is CSV. 

I have restarted the indexer service and installed the database on the domain, but it has not solved the issue. 

Is there another process or service I should check? 

Could it be a known issue with the HotFix T237 of R80.30? 

Thanks in advance for your support on this. 

0 Kudos
Network_generic
Explorer

Hey Checkpoint,

Is there already a hotfix for this annoying bug available? 

The workaround is not a workable solution for policy cleanup!

We used to work with a mgmt station in R80 and migrated last week to MGMT R80.10.

Kr,

Fabio

0 Kudos
PhoneBoy
Admin
Admin

As far as I know, this limitation still exists and does not have an immediate fix.

It is expected to be addressed in a later release, as noted elsewhere in this thread.

0 Kudos
Tomer_Sole
Mentor
Mentor

what bug?

you can export through  https://management-ip/smartview

Martin_Visser
Participant

I'm not sure if you call it a bug or non-feature. But this doesn't work the way most security engineers expect it to. (I have been through CP support on this). SmartView only reports on what CP has decided is a security event or incident. So when it calculates bandwidth or logs or the like it is only these.

For instance I wanted to be able to report all access (Accept or Drops) to the NTP service. Even though we log each of these, and those logs are sent to the SmartEvent server, SmartView isn't interested in reporting these.

I am interested though, as the security gateway clearly is logging these, and being at the centre of the network, is the most obvious point to instrument from. Very frustrating particularly as we went to the effort of justifying the additional CP licence for this on the basis of the visualisation it could give us.

PhoneBoy
Admin
Admin

The following thread is probably relevant to the conversation:

Re: Creating reports with tracking "per connection"

0 Kudos
Martin_Visser
Participant

Thanks Dameon,

It looks relevant, but still doesn't address why the SmartView tool simply misrepresents the operating state of the system. We have been logging pretty much everything that passes through our security gateway (from when it was greenfield 6 months ago, and as we migrated the legacy workloads into the new datacenter environment). We did this so we could analyse the state of the environment to help us close the loop and the security policy and the overall network state of the environment. If the suggestion is to add "Session" logging to everything, well and good, but why isn't this the default (or at least a suggestion) when the SmartEvent server is deployed.

It just is ludicrous when we thousands of NTP logs per hour, yet running SmartView to report on NTP gives nada. It's just not sane defaults.

0 Kudos
PhoneBoy
Admin
Admin

From my R80.20.M1 system, this seems to be working as expected.

Even in older releases, I would expect this to work.

You may want to engage the TAC for further troubleshooting.


0 Kudos
TheRealDiZ
Collaborator

Hi All, 

 

Anyone knows if this "bug" is actually solved or there is any kind of dedicated fix for R80.10 or included in a specific SmartConsole package?

 

Ciao e grazie

Diz Smiley Very Happy

PhoneBoy
Admin
Admin
As far as I know there is no SmartConsole fix for this
In future versions, SmartView will replace what's in SmartConsole.
You can access SmartView with a web browser: https://mgmt-ip/smartview
0 Kudos
FM
Contributor

or replace IP with hostname: 
https://mgmt-hostname/smartview

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events