Sample Log Analysis

This is a sample procedure that shows how to do an analysis of a log of a dropped connection.

To show a log of a dropped connection:

  1. Log into SmartConsoleClosed Check Point GUI application used to manage a Check Point environment - configure Security Policies, configure devices, monitor products and events, install updates, and so on..

  2. Connect to the IP address of the Security Management ServerClosed Dedicated Check Point server that runs Check Point software to manage the objects and policies in a Check Point environment within a single management Domain. Synonym: Single-Domain Security Management Server., not to a Log ServerClosed Dedicated Check Point server that runs Check Point software to store and process logs..

  3. In the Security Policies > Access Control > Policy view, select a ruleClosed Set of traffic parameters and other conditions in a Rule Base (Security Policy) that cause specified actions to be taken for a communication session. with the Drop action.

  4. In the bottom pane, click Logs.

    This shows the logs for connections that were dropped by the specific rule.

  5. Double-click a log.

    The Log Details window opens.