Log Actions - Explanation

cezar_varlan1 · ‎2022-01-26

Does anyone have a better reference or does anyone have the knowledge to explain what the various actions in the log_action field actually mean? Also what blade generated it and what is the expected outcome?

For example Drop is generated by Firewall - and the session is finished with a silent drop [timeout].

action

Action

int

Action of matched rule
Possible values:
0 - Drop
1 - Reject
2 - Accept
3 - Encrypt
4 - Decrypt
17 - Authorize
18 - Deauthorize
30 - Bypass
33 - Block
34 - Detect
39 - Do not send
43 - Allow
46 - Ask User
61 - Extract

Note: This field is not mandatory to every log

Reference:https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

G_W_Albrecht · ‎2022-01-26

sk122323: Log Exporter - Check Point Log Export

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

cezar_varlan1 · ‎2022-01-26

Got myself caught up in a cycling reference back to my own SK -

@G_W_Albrecht that article is not what I am asking. I do know how to extract the blade in the logs. But this implies the log happened, I am trying to create a dictionary and attach this to a splunk dashboard that I will publish to the rest of the IT organization so people can do a self-service lookup instead of a specific search in firewall logs

G_W_Albrecht · ‎2022-01-27

Good luck with your work !

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

Are you a member of CheckMates?

Log Actions - Explanation