MARS : No Checkpoint log !!!

Unanswered Question
amritpatek Tue, 12/09/2008 - 14:31
User Badges:
  • Silver, 250 points or more

To generate a .cab file of log and system Registry information, follow these steps:

Step 1 Log in to the MARS Appliance. For more information, see Log In to the Appliance via the Console.

Step 2 Type pnlog show and the appropriate argument.

Step 3 Press Enter.

Step 4 To stop the output at any time, press Ctrl+C.

Hi !

Thanks for your info. Sorry for my new query cause I'm new in MARS. I've added other devices such as Snort, IPS4240 or ASA. But I've problem with Chechpoint.

All logs I receive on CS-MARS (in the Query/Reports tab): refer to the following

"CheckPoint Audit Log: Successfully logged in/out".

It seems that I've just Audit logs and NOT traffic logs.

Thanks in advance.

Farrukh Haroon Fri, 12/12/2008 - 22:02
User Badges:
  • Red, 2250 points or more

Did you try running a raw events query for the checkpoint reporting device?



Farrukh Haroon Mon, 12/15/2008 - 02:38
User Badges:
  • Red, 2250 points or more

Try running a query for "Event Raw Messages ranked by Time, Real Time(raw events) " instead of selecting the checkpoint device. It could be that the device is report from a different IP address than the one you configured in MARS.

You can also get 'Raw events' from Admin >> System Maintenance >> Retrieve Raw Messages

Then check the raw events for any events from the CheckPnt fw.




This Discussion