
Log exporter not summary logging to one event

Question asked by Kosin Usuwanthim on Aug 7, 2018
Latest reply on Aug 8, 2018 by Yonatan Philip

I'm not sure why the log exporter splits this into 4 separate events instead of summarizing them into one event. From SmartConsole I can see all the details on a single page.

 

1.CheckPoint - [action:"Prevent"; flags:"280832"; ifdir:"inbound"; ifname:"bond30.156"; loguid:"{0x5b691e76,0xf,0x670111ac,0xc0000017}"; origin:"XX"; originsicname:"XX,O=XX"; sequencenum:"282"; time:"1533615734"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={2DB996A2-E1A3-A14C-84EA-8F3D716B0D7B};mgmt=XX;date=1533271919;policy_name=Unified_Policy\]"; dst:"XX.XX.XX.XX"; log_id:"2"; malware_rule_id:"{D99A6D5D-8BAE-40F8-B35A-5D6C1CFBDFE7}"; policy:"Unified_Policy"; policy_time:"1533297083"; product:"SmartDefense"; proto:"17"; rule_name:"Allow Untrust - Custom"; rule_uid:"c25fc1f6-41f4-4279-9e13-aa32e1aecbc9"; s_port:"60229"; service:"53413"; session_id:"{0x5b691e76,0xf,0x670111ac,0xc0000017}"; smartdefense_profile:"Optimized (Clone)"; src:"185.234.217.134"; layer_uuid:"{C17851E7-374F-4024-892C-82868FDA31F7}"; malware_rule_id:"{D99A6D5D-8BAE-40F8-B35A-5D6C1CFBDFE7}"; smartdefense_profile:"Optimized"; ]

 

2. CheckPoint - [action:"Accept"; flags:"417028"; ifdir:"inbound"; ifname:"bond30.156"; logid:"0"; loguid:"{0x5b691e76,0xe,0x670111ac,0xc0000017}"; origin:"XX"; originsicname:"CN=XX,O=XX"; sequencenum:"284"; time:"1533615734"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={2DB996A2-E1A3-A14C-84EA-8F3D716B0D7B};mgmt=XX;date=1533271919;policy_name=Unified_Policy\]"; dst:"XX.XX.XX.XX"; inzone:"External"; layer_name:"Unified_Policy Network Rule"; layer_uuid:"261a755f-b462-4f95-9194-be1d76d9839c"; match_id:"197"; parent_rule:"0"; rule_action:"Accept"; rule_name:"Allow Untrust - Custom"; rule_uid:"c25fc1f6-41f4-4279-9e13-aa32e1aecbc9"; outzone:"Internal"; product:"VPN-1 & FireWall-1"; proto:"17"; s_port:"60229"; service:"53413"; service_id:"udp-high-ports"; src:"185.234.217.134"; ]

 

3.CheckPoint - [flags:"147456"; ifdir:"inbound"; loguid:"{0x5b691e76,0xf,0x670111ac,0xc0000017}"; origin:"XX; originsicname:"CN=XX,O=XX"; sequencenum:"286"; time:"1533615734"; version:"5"; attack:"Security Products Enforcement Violation"; attack_info:"Netis/Netcore Router Hard-Coded Backdoor"; confidence_level:"5"; description_url:"NETIS_R_help.html"; performance_impact:"3"; product:"SmartDefense"; protection_id:"asm_dynamic_prop_NETIS_R"; protection_name:"Netis/Netcore Router Hard-Coded Backdoor"; protection_type:"IPS"; severity:"3"; smartdefense_profile:"Optimized"; src:"185.234.217.134"; ]

 

4. CheckPoint - [flags:"18688"; ifdir:"inbound"; loguid:"{0x5b691e76,0xf,0x670111ac,0xc0000017}"; origin:"XX"; originsicname:"CN=XX,O=XX"; sequencenum:"288"; time:"1533615734"; version:"5"; log_id:"2"; packet_capture_name:"src-185.234.217.134.eml"; packet_capture_time:"1533615734"; packet_capture_unique_id:"185.234.217.134_maildir_sent_new_time1533615734.mail-895411386-1818202990.localhost"; product:"SmartDefense"; ]
