|
|
|
In This Section: |
You can create rich and customizable views and reports for log and event monitoring, that inform key stakeholders about security activities.
Use these GUIs:
<Server IP> is IP address of the Security Management Server or SmartEvent server.
To enable SmartEvent views and reports, you must install and configure a SmartEvent Server.
In the Logs & Monitor view, click the (+) tab to open a catalog of all views and reports, predefined and customized. Click a view or report to open it.
Item |
Description |
|---|---|
1 |
Open Log View - See and search through the logs from all Log Servers. You can also search the logs from a Log Server that you choose. Open Audit Logs View - See and search records of actions done by SmartConsole administrators. These views come from the Log Servers. Other views come from the SmartEvent Server. |
2 |
Compliance View - Optimize your security settings and ensure compliance with regulatory requirements. |
3 |
Views - The list of predefined and customized views. A view is an interactive dashboard made up of widgets. The view tells administrators and other stakeholders about security and network events. Each widget is the output of a query. Widgets can show the information as a chart, table, or some other format. To find out more about the events, double-click a widget to drill down to a more specific view or raw log files. |
4 |
Reports - The list of predefined and customized reports. A report has multiple pages, and applies to the time that the report is generated. There are several predefined reports, and you can create new reports. A reports gives more details than a view. Reports can be customized, filtered, generated and scheduled. You cannot drill down into a report. |
5 |
Favorites - Use this view to collect the views and reports you use the most. |
6 |
Switch to Table View or Thumbnails View - The Table view is the default for views and reports. The Thumbnails view is the default for the Favorites and Recent views and reports |
7 |
Scheduled Tasks - See and edit scheduled tasks. Archive - Completed and in-progress tasks for generating and exporting reports. |
8 |
External Apps
|
Views tells administrators and other stakeholders about security and network events. A view is an interactive dashboard made up of widgets. Each widget is the output of a query. A Widget can show information in different formats, for example, a chart or a table.
SmartConsole comes with several predefined views. You can create new views that match your needs, or you can customize an existing view.
In the Logs & Monitor view, clicking the (+) tab opens a catalog of all views and reports, predefined and customized. Double-click a view to open it.
Item |
Description |
|---|---|
1 |
Widget- The output of a query. A Widget can show information in different formats, for example, a chart or a table. |
2 |
Drill Down - To find out more about the events, double-click a widget to drill down to a more specific view or raw log files. |
3 |
Options - Customize the view, restore defaults, Hide Identities, export. |
4 |
Queries - Predefined and favorite search queries |
5 |
Time Period - Specify the time periods for the view. |
6 |
Query search bar - Define custom queries using the GUI tools, or manually entering query criteria. Shows the query definition for the most recent query. |
A report has multiple pages, and applies to the time that the report is generated. There are several predefined reports, and you can create new reports. A report gives more details than a view. Reports can be customized, filtered, generated and scheduled. You cannot drill down into a report.
In the Logs & Monitor view, clicking the (+) tab opens a catalog of all views and reports, predefined and customized. Double-click a report to open it.
Item |
Description |
|---|---|
1 |
Preview bar - A report is divided onto pages, usually, one view on one page. Editing a report is done per page, in the same way as you edit a view. |
2 |
Options - Customize, and generate a report. |
3 |
Time Period - Specify the time periods for the report. |
4 |
Query Search bar - Define custom queries using the GUI tools, or manually entering query criteria. Shows the query definition for the most recent query. |
SmartEvent automatically downloads new predefined views and reports, and downloads updates to existing predefined ones. To allow this, make sure the management server has Internet connectivity to the Check Point Support Center.
Use the predefined graphical views and reports for the most frequently seen security issues. You can also customize the views and reports.
To open a view or report
The Export to PDF and Export to Excel options save the current view or report as a PDF or Excel file, based on the defined filters and time frame.
To export a view or report to PDF or Excel:
Alternatively, click Open and from inside the view or report click Options > Export to PDF or Export to Excel.
To see your exported views and reports:
The Network Activity report shows important firewall connections. For example, top sources, destinations, and services. To create this report, SmartEvent must first index the firewall logs.
To enable the Network Activity Report for R80.10 and higher Gateways:
In SmartConsole, in the Access Control Policy rule, add per Session to the Track settings.
To enable the Network Activity Report for Pre-R80.10 Gateways:
Note - this configuration increases the number of events per day by about five times. To avoid a performance impact, make sure the hardware can handle the load.
To run the Network Activity Report:
To schedule a view or report you need to define and edit it in SmartConsole.
To schedule a report:
The Schedule page of the Export settings window opens.
To see your scheduled views and reports:
To learn more about logging and monitoring, see the R80.10 Logging and Monitoring Guide.
