Aside from removing the need to open multiple Check Point applications, what are the other benefits that seeing logs and policies at the same time can add to the decision-making?
R80 SmartConsole integrates SmartLog not only as a standalone view, but also inside various dialogs and "panes", in order to assist the administrator with his decision making.
We will start with the more trivial locations.
The SmartLog pane appears in the bottom of:
The query inside that pane can be modified, by clicking the tiny "x" button in the filter inside the search box.
SmartLog also assists when as the administrator designs new rules in the policy. When creating a new Access Control rule, the logs pane changes its query to match the logs by the new rule's content. So in the example below, as the user selects "HR Lan" for the new rule's source, the query in the logs pane now searches all the logs that matched this network in the source, possibly assisting with similar rules that intercept this traffic today. The logs become more filtered as the user continues to change the rule. This feature is called content logs.
You can see content logs for existing rules by right-clicking their rule number, possibly discovering the similar rules which matched some of their traffic.
There is also interaction from logs back to the policy. Right-clicking relevant cells in the logs can:
Read about working with the audit logs next to your security management content at What are the features inside SmartConsole which contain integrated audit logs?
Retrieving data ...