This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
AkosBakos
Mentor Mentor
Mentor
‎2024-09-13 05:26 AM
Jump to solution

IPS events grouping in SmartLog

Hi CheckMates,

I have a simple question.

How can I set (can it be set at all?) the grouping the IPS events in SmartLog? Now The SmartLog was joking me, and collected the log into a group (this were IPS Prevent logs) so I couldn't find that, the traffic is prevented for the first sight.

This is a small thing, but really annoying.

Any tips are welcome

Akos

----------------
\m/_(>_<)_\m/
0 Kudos
1 Solution

Accepted Solutions
Timothy_Hall
Legend Legend
Legend
‎2024-09-13 05:38 AM
Jump to solution

I'm assuming you are referring to Threat Prevention Log Suppression, and not SmartEvent's correlation of multiple logs into events.

Bottom line is that yes, Log Suppression can be disabled on the gateway by changing a kernel variable.  But be warned that this can substantially increase the number of logs sent to your SMS/Log Server.  See my 2022 Max Gander CPX Speech for a detailed discussion of Log Suppression and its varying suppression intervals, and these: 

sk108423: IPS generates Alerts instead of Logs in R77.30 and lower

sk115876: Some fields are missing from IPS or Threat Prevention logs

 

Attend my Gateway Performance Optimization R81.20 course
CET (Europe) Timezone Course Scheduled for July 1-2

View solution in original post

2 Replies
Timothy_Hall
Legend Legend
Legend
‎2024-09-13 05:38 AM
Jump to solution

I'm assuming you are referring to Threat Prevention Log Suppression, and not SmartEvent's correlation of multiple logs into events.

Bottom line is that yes, Log Suppression can be disabled on the gateway by changing a kernel variable.  But be warned that this can substantially increase the number of logs sent to your SMS/Log Server.  See my 2022 Max Gander CPX Speech for a detailed discussion of Log Suppression and its varying suppression intervals, and these: 

sk108423: IPS generates Alerts instead of Logs in R77.30 and lower

sk115876: Some fields are missing from IPS or Threat Prevention logs

 

Attend my Gateway Performance Optimization R81.20 course
CET (Europe) Timezone Course Scheduled for July 1-2
AkosBakos
Mentor Mentor
Mentor
‎2024-09-13 06:08 AM
In response to Timothy_Hall
Jump to solution

Exactly! Thanks for the clarification.

Now, I think I should live together with this feature 🙂

Akos

----------------
\m/_(>_<)_\m/
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    Top