Endpoint Security clients upload logs to the Endpoint Security Management Server A Security Management Server that manages your Endpoint Security environment. Includes the Endpoint Security policy management and databases. It communicates with endpoint clients to update their components, policies, and protection data.
On the server, the logs are stored in the common log database, which you can see in the Logs tab of the SmartConsole Check Point GUI application used to manage a Check Point environment - configure Security Policies, configure devices, monitor products and events, install updates, and so on. Logs & Monitor view.
Note - The VPN component uploads SCV logs to the VPN Security Gateway Dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources..
Client logs are:
Stored locally at:
C:\Documents and Settings\All Users\Application Data\CheckPoint\Endpoint Security\Logs
... ... ...
Plain text log file
When the file becomes too large, another is created.
Maximum of 10 log files can exist. When epslog.11.log is created, eplog1.log is deleted.
Can be viewed with any ASCII viewer, or by using the client viewer, or by manually running:
C:\Program Files\Common Files\Check Point\Logviewer\EPS_LogViewer.exe
Internal files, compressed and encrypted.
Uploaded according to the Common Client Policy to the Endpoint Security Management Server Dedicated Check Point server that runs Check Point software to manage the objects and policies in a Check Point environment within a single management Domain. Synonym: Single-Domain Security Management Server. and viewable in the Logs tab of the SmartConsole Logs & Monitor view.
Client logs can be used for external audit requirements and internal trouble-shooting.
For more details, see the Endpoint Security Client User Guide for your client release.