Identity Collector - Send Monitoring Information
You can configure Identity Collector
Check Point dedicated client agent installed on Windows Servers in your network. Identity Collector collects information about identities and their associated IP addresses, and sends it to the Check Point Security Gateways for identity enforcement. For more information, see sk108235. You can download the Identity Collector package from sk134312. to send monitoring information to the Identity Awareness Check Point Software Blade on a Security Gateway that enforces network access and audits data based on network location, the identity of the user, and the identity of the computer. Acronym: IDA. Gateway R80.20 and higher.
Each Identity Collector instance that is connected to the Identity Awareness Gateway sends information about the identity sources configured in the Query Pool that is linked to it. This information includes: type, name, host, and event counters.
Monitoring is not enabled by default. To enable monitoring, on the Windows Server add a registry key named "MonitoringEnabled" and set its value to "1" (Type: "DWORD").
Full file path:
-
On 32-bit Windows Servers:
HKEY_LOCAL_MACHINE\SOFTWARE\CheckPoint\IdentityCollector\ -
On 64-bit Windows Servers:
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\CheckPoint\IdentityCollector\
The default interval for sending monitoring information is 10 seconds. You can configure this interval in the "MonitoringInterval" registry key (Type: "DWORD".
You can use these methods to query the data:
-
SNMP- Relevant SNMP Object Identifiers (OIDs) are located in the
$FWDIR/conf/identity_server.cpsfile on the Identity Awareness Gateway. -
CLI of an Identity Awareness Gateway:
-
On Identity Awareness Gateways of all versions:
cpstat identityServer -f idc -
On the PDP
Check Point Identity Awareness Security Gateway that acts as Policy Decision Point: acquires identities from identity sources; shares identities with other gateways. Identity Awareness Gateways R80.30 and higher:pdp idc status
-