MARS : No Checkpoint log !!!

Unanswered Question
Dec 3rd, 2008

Hi everybody,

I've a problem with Checkpoint logs with MARS. I've added Checkpoint SmartCenter (successful discovery, LEA, CPIM) to MARS. I've tested successful connectivity. But no log is pulled from the Checkpoint firewall. Can somebody help me, plz.

Many tks.

Inti

amritpatek Tue, 12/09/2008 - 14:31

To generate a .cab file of log and system Registry information, follow these steps:

Step 1 Log in to the MARS Appliance. For more information, see Log In to the Appliance via the Console.

Step 2 Type pnlog show and the appropriate argument.

Step 3 Press Enter.

Step 4 To stop the output at any time, press Ctrl+C.

aichireh@hotmail.com Thu, 12/11/2008 - 09:03

Hi !

Thanks for your info. Sorry for my new query, because I'm new to MARS. I've added other devices such as Snort, IPS4240 or ASA. But I've a problem with Checkpoint.

All logs I receive on CS-MARS (in the Query/Reports tab): refer to the following

"CheckPoint Audit Log: Successfully logged in/out".

It seems that I've just Audit logs and NOT traffic logs.

Thanks in advance.

Farrukh Haroon Fri, 12/12/2008 - 22:02

Did you try running a raw events query for the checkpoint reporting device?

Regards

Farrukh

aichireh@hotmail.com Mon, 12/15/2008 - 01:50

Hi Farrukh,

Yes, I did.

I've checked in Checkpoint Tracker that I have traffic and logs.

Then in MARS, in the Query/Report tab, I've selected my checkpoint device and launched a query. And no logs appear. That's really my problem.

Thanks a lot.

aichireh

Farrukh Haroon Mon, 12/15/2008 - 02:38

Try running a query for "Event Raw Messages ranked by Time, Real Time(raw events)" instead of selecting the checkpoint device. It could be that the device is reporting from a different IP address than the one you configured in MARS.

You can also get 'Raw events' from Admin >> System Maintenance >> Retrieve Raw Messages

Then check the raw events for any events from the CheckPnt fw.

Regards

Farrukh
