This article will guide you through the basics of Logs and Reporting on the Check Point firewall device.
1. User Interface:
– Check Point has completely changed the look and feel of the admin interface in version R80.
– Go to Logs & Monitor and open a new tab; you will see:
– There are two default options:
- Audit Logs View – displays all events related to administrative operations: admin login and logout events, configuration changes, policy and object edits… It is a tool that tracks administrative activity over time.
- Logs View – displays security logs generated by different Software Blades: Firewall, Anti-Virus, IPS,…
– To view security logs, double-click Logs.
– In the log window we have all the security logs sent by different Software Blades. To simplify log management, Check Point allows searching through the following options:
- Free text search (Example: “Microsoft”)
- Filter by Software Blade: enter “blade:” in the search field and then select the one you need (firewall, IPS, antivirus…)
- Search using defined fields: src, dst, action. For example: action:prevent
- You can use Boolean operators (AND, OR, NOT)
– You can combine multiple filters in one search.
– There are many filters in the Queries menu on the left.
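The search options above combined into queries, as an added example that is not from the original article. The addresses are constructed documentation-range values; the action value drop and the parentheses for grouping are assumptions beyond what the article lists; lines starting with # are annotations, not part of the query.

```text
# Free text: any log containing the word
Microsoft

# Everything the IPS blade prevented
blade:IPS AND action:prevent

# Prevented traffic from one source, any blade
src:192.0.2.10 AND action:prevent

# Firewall drops to a server, ignoring a known scanner host
blade:Firewall AND action:drop AND dst:198.51.100.20 AND NOT src:192.0.2.99

# Either of two sources, grouped so the action filter applies to both
(src:192.0.2.10 OR src:192.0.2.11) AND action:prevent
```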
2. SmartEvent:
– To work with Views & Reports, we need to enable the SmartEvent Software Blade on the Security Management Server.
– Select both SmartEvent Server and SmartEvent Correlation Units, then select OK.
– Afterward, install the database on the Security Management Server.
– Once completed, you will see the Views and Reports options in the Logs & Reports window.
+ Views: There are many default views available; when you select a view, you can see a preview of it. You can change the existing views or customize your own, as well as import and export them.
+ Reports : Security information can be collected and processed in the form of Reports. There are many types of pre-generated reports available.
– If needed, reports can be scheduled to be sent via email. They can also be changed, customized, imported and exported.
+ Using SmartView via browser:
– You can work with Logs and Views through the browser without opening SmartConsole. To do so, open SmartView at the URL (IP SMS)/smartview
– Once logged in, you will see an interface similar to SmartConsole.
– SmartView via browser allows administrators to access logs and security events without the need for other administrative tools; in such cases you do not need SmartConsole on the device.
!!! Thank you for following the article!!!