trevorc
Explorer

Where to post???

Hello,

This is my first post, so I may be completely in the wrong place!

I just completed some CCSA training, and I would like to ask some questions
based on that course.  Which community should I be in to post questions
pertaining to that?  

I'm new to Checkpoint, and I'm new to this community, so please be
gentle!!!

Thank you in advance,

Trevor

29 Replies
the_rock
Legend

You got it Trevor, this is the right place brother 🙂

And welcome, we are always here to help, it's a brotherhood/sisterhood community.

What questions did you have man?

Best,

Andy

trevorc
Explorer

Whew!  What a relief to see your incredibly friendly greeting!!!
When I saw the name, "the_rock", I just knew that I was going
to get body slammed - your greeting was 180 degrees opposite
of that!!!

Andy, as I mentioned, I'm a newborn with Checkpoint, and so
I alert you of this to prepare you for my questions which may
appear to be very elementary.  Based on where I am in my 
Checkpoint learning journey, I truly am in "elementary" school.

Okay, my question has to do with a term that I saw in the
R81 Quantum Security Management Administration Guide.
Here is the term:

Audit Log
Log that contains administrator actions on a Management Server (login and logout, creation or modification of an object, installation of a policy, and so on).

Where is the "Audit Log" stored - that is, on which system does it reside?

Thanks Andy for taking on my question, and again for being so exceptionally kind
and pleasant with your reception!!!

Trevor

_Val_
Admin

The mentioned audit logs reside on the management server where one makes changes unless one configures log forwarding to another server. 

trevorc
Explorer

This is great!

Thanks Val!

the_rock
Legend

@trevorc hahahaha, your comment about body slamming, I'm still laughing about it LOL

Anyway, don't worry, I never did such a thing in my life and I never would, but maybe I should change my username to the_pebble? : - )

Now, to your question. Those logs are indeed present on mgmt server itself and you can find them in smart console.

Andy

trevorc
Explorer

Glad I could make you laugh Andy!  Only good can come from a laugh - the more the better!!!

Here's a suggestion on your username change:  "The_Pleasant_Guy"

Thanks for elevating my knowledge about the whereabouts of the audit logs!!!

the_rock
Legend

Btw, this is just me assuming logically what your question might be : - ). If it's related to the CCSA exam, below is the best post about it. However, if not, please ask.

Andy

https://community.checkpoint.com/t5/Training-and-Certification/Resources-for-CCSA-exam/td-p/230205

trevorc
Explorer

Thanks for the quick response Andy.

No, my question is not related to the CCSA exam.  I was going through the glossary in the guide, and when I came across that term - Audit Log - I wanted to add to my understanding.  I'm not even thinking about the CCSA exam right now.  My focus on learning this stuff is so that I can actually do some work in the practical world.

Thanks again Andy for the response, and for the link to the CCSA exam resource!

Trevor

_Val_
Admin

@trevorc in this case, you can "guess" where the question belongs. In case of the audit logs, it is most probably for CheckMates /Products/Quantum/ Management

However, don't be stressed about it. Admins will help you to move your post if you miss something and post it to the wrong category.

trevorc
Explorer

Thanks Val!  It's very comforting to know that no one will want to hit me with a flame thrower because I didn't post a query in the correct place!!!

the_rock
Legend

I will take some screenshots later and send them over, so you can see exactly where to find those logs.

Andy

Don_Paterson
Advisor

the_rock
Legend

I don't mind at all, not the slightest effort 🙂

Andy

trevorc
Explorer

Looks like I've landed upon a gold mine in this community!!!

Thanks Don_Paterson!!!

the_rock
Legend

@trevorc 

I took a few screenshots (doc file attached), but if not clear, we can do remote and I can show you in my lab. By the way, you can download smart console from the support site and just use demo option to log in if you don't have a lab or real environment to check.

Andy

Don_Paterson
Advisor

Nice one!

Well worth considering Revision Control, or at least Revisions, along with the audit logs. Watch the video (as per the CCSA manual)

Main point is that Audit log is activity on the Security Management Server (SMS) and Revisions is about the database where all the policy and objects are stored. That Revisions is about the postgres database and capturing changes in there, as opposed to who logged into the SMS when, and made what changes.

https://sc1.checkpoint.com/documents/R81.20/WebAdminGuides/EN/CP_R81.20_SecurityManagement_AdminGuid...

https://www.youtube.com/watch?v=_KJihPaTx2c

the_rock
Legend

I'm "throwing in" another great video by awesome @Magnus_Holmberg

Andy

Check Point Firewall - fwlog, audit log, messages

trevorc
Explorer

Wow the_rock, you are definitely a gold mine of information.  Are you getting paid for providing this assistance 🙂 🙂

 

the_rock
Legend

Well, if someone volunteers to pay me, I won't complain 😉

Just kidding, glad to help man!

Andy

trevorc
Explorer

This learning is amazing!!!

Many thanks Don_Paterson!!!!

Don_Paterson
Advisor

You are welcome.

I guess you are using Demo Mode/Demo Server.

Good things to note about demo mode:

- Extend the demo server time as soon as you connect (see page 95 of CCSA).

- Demo mode Policy Packages (Corporate_Policy and Branch_Office_Policy) are similar to the CCSA policies and they also follow best practices.
https://sc1.checkpoint.com/documents/R81.20/WebAdminGuides/EN/CP_R81.20_SecurityManagement_AdminGuid... 

- In the Demo mode Corporate_Policy is the default policy package Standard that has been renamed to Corporate_Policy.

You can prove that for yourself by running these two commands in the Demo mode SmartConsole (first click COMMAND LINE in the lower left corner of the SmartConsole):

add access-rule layer "Network" position 1 name "TEST API RULE ADD" source.1 Any destination.1 Any service.1 "bootp" service.2 "NBT" action "drop"

add access-rule layer "Branch_Office_Policy Network" position 1 name "TEST API RULE ADD" source.1 Any destination.1 Any service.1 "bootp" service.2 "NBT" action "drop"

https://sc1.checkpoint.com/documents/latest/APIs/#cli/add-access-rule~v1.9.1%20

VMWare Workstation is free now, so if you have a decent desktop or laptop you can try to build your own lab.

That will offer a lot of opportunity to learn more.

https://www.youtube.com/watch?v=kJ373MmojhI&list=PLMAKXIJBvfAiB9_6Ft6tiRiYyZmZsgHjb

https://www.youtube.com/watch?v=IdzJ-zHCa1c&list=PLMAKXIJBvfAjP50Dl1zLzyQvW_MC14cvz

trevorc
Explorer

This is so, so, so much more than I could have ever expected, and for that reason, a thank you just seems so trite.  Unfortunately, that's all I'm able to offer right now.

Many, many, many thanks Don_Paterson for being so gracious with your time and efforts to provide me with assistance beyond what I would have ever thought of!!!!

Don_Paterson
Advisor

trevorc
Explorer

the_rock, I've said it before, and I'll say it again, you are proving to be one heck of a resource!!!

Thank you for the suggestion to download SmartConsole from the support site.  This is perfect, because I don't have either a lab or a real environment.

Many thanks the_rock!!!!

the_rock
Legend

Message me directly any time and we can do remote, happy to show you my lab. It's a really good resource to learn : - )

Andy

trevorc
Explorer

Andy, you've got a lot of customer service in your personality!!!

Many thanks!!!!

the_rock
Legend

I try haha 🙂

Andy

_Val_
Admin

Hi Trevor, welcome to the fold. Training and Certification board is the correct place for your topic.

trevorc
Explorer

Thanks _Val_ for the very kind and pleasant welcome!  

Thus far, the helpfulness out here has been tremendous/awesome/magnificent !!!!
