MARS : No Checkpoint log !!!

aichireh
Level 1

Hi everybody,

I have a problem with Checkpoint logs with MARS. I've added Checkpoint SmartCenter (successful discovery, LEA, CPIM) to MARS. I've tested connectivity successfully. But no log is pulled from the Checkpoint firewall. Can somebody help me, please?

Many thanks.

Inti


amritpatek
Level 6

To generate a .cab file of log and system Registry information, follow these steps:

Step 1 Log in to the MARS Appliance. For more information, see Log In to the Appliance via the Console.

Step 2 Type pnlog show and the appropriate argument.

Step 3 Press Enter.

Step 4 To stop the output at any time, press Ctrl+C.

Hi !

Thanks for your info. Sorry for my new query, because I'm new to MARS. I've added other devices such as Snort, IPS4240 or ASA. But I have a problem with Checkpoint.

All logs I receive on CS-MARS (in the Query/Reports tab): refer to the following

"CheckPoint Audit Log: Successfully logged in/out".

It seems that I've just Audit logs and NOT traffic logs.

Thanks in advance.

Did you try running a raw events query for the checkpoint reporting device?

Regards

Farrukh

Hi Farrukh,

Yes, I did.

I've checked in Checkpoint Tracker that I have traffic and logs.

Then in MARS, in the Query/Report tab, I've selected my checkpoint device and launched the query. And no logs appear. That's really my problem.

Thanks a lot.

aichireh

Try running a query for "Event Raw Messages ranked by Time, Real Time (raw events)" instead of selecting the checkpoint device. It could be that the device is reporting from a different IP address than the one you configured in MARS.

You can also get 'Raw events' from Admin >> System Maintenance >> Retrieve Raw Messages

Then check the raw events for any events from the CheckPnt fw.

Regards

Farrukh
