This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
kamilazat
Contributor
a week ago

Is there a way to change the way severity level looks in the sent logs?

Hello all!

I want to know if it's possible to change the way this bit in the logs:

TenantName    TENANT
Timestamp    18.09.2024 10:41:32 :337
EndTime    18.09.2024 10:41:32 :000
DeviceAction    Detect
DeviceAddress    x.x.x.x
DeviceFacility    134
DeviceHostName    some-host-name
.

.

.

.

.

FlexString1    MAIN\
FlexString1Label    Policy Name
Severity    1
Type    Base
Extra    __policy_id_tag: product=VPN-1 & FireWall-1

I know that in sk116254 the table is given for the severity levels and it is possible to compare. But is it possible to change the numbers into actual strings, such as "Very Low" "Informational" "Critical" etc.?

 

Thank you!

0 Kudos
5 Replies
PhoneBoy
Admin
Admin
a week ago

By sent you mean via Log Exporter to an external SIEM?
Not as far as I know.

0 Kudos
ShemHunter
Explorer
a week ago
In response to PhoneBoy

Hi PhoneBoy,

And if you change this setting from guidbedit?

Logs from SMB, for example, come in the form of words..

"Lastupdateseqnum: 10
Severity: Informational
Rounded Sent Bytes: 185600
Confidence Level: N/A
Rounded Bytes: 2086912"

This is the log from Application Control, URL Filtering.

Maybe I didn't just look at the logs that don't go into SIEM..

 

Preview file
241 KB
0 Kudos
PhoneBoy
Admin
Admin
a week ago
In response to ShemHunter

I'm still not clear where you are seeing the numbers versus words.
Please clarify this point with a screenshot of where exactly it is seen, blurring sensitive details.

0 Kudos
ShemHunter
Explorer
a week ago
In response to PhoneBoy

Please look at the log_value lines, I think if you change them to words corresponding to severity, I will achieve the result. 

0 Kudos
PhoneBoy
Admin
Admin
Friday
In response to ShemHunter

In what exact UI are you seeing these logs that you're trying to change by this proposed guidbedit method?
Whether what you propose will work or not...or cause other, unintended side effects...is a different story.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events