This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
cezar_varlan1
Collaborator
‎2022-01-26 03:10 AM

Log Actions - Explanation

Does anyone have a better reference or does anyone have the knowledge to explain what the various actions in the log_action field actually mean? Also what blade generated it and what is the expected outcome?

For example Drop is generated by Firewall - and the session is finished with a silent drop [timeout].

action

Action

int

Action of matched rule
Possible values:
0 - Drop
1 - Reject
2 - Accept
3 - Encrypt
4 - Decrypt
17 - Authorize
18 - Deauthorize
30 - Bypass
33 - Block
34 - Detect
39 - Do not send
43 - Allow
46 - Ask User
61 - Extract

Note: This field is not mandatory to every log

 

 

Reference:https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

 

0 Kudos
3 Replies
G_W_Albrecht
Legend
Legend
‎2022-01-26 03:54 AM

sk122323: Log Exporter - Check Point Log Export

CCSE CCTE SMB Specialist
0 Kudos
cezar_varlan1
Collaborator
‎2022-01-26 10:27 PM
In response to G_W_Albrecht

Got myself caught up in a cycling reference back to my own SK - 

@G_W_Albrecht  that article is not what I am asking. I do know how to extract the blade in the logs. But this implies the log happened, I am trying to create a dictionary and attach this to a splunk dashboard that I will publish to the rest of the IT organization so people can do a self-service lookup instead of a specific search in firewall logs

 

 

 

 

 

0 Kudos
G_W_Albrecht
Legend
Legend
‎2022-01-27 11:54 PM
In response to cezar_varlan1

Good luck with your work !

CCSE CCTE SMB Specialist
0 Kudos