In This Section: |
To see logs generated by a specified rule:
Application traffic generates a very large amount of activity. To make sure that the amount of logs is manageable, by default, logs are consolidated by session. A session is a period that starts when a user first accesses an application or site. During a session, the Security Gateway records one log for each application or site that a user accesses. All activity that the user does within the session is included in the log.
To see the number of connections made during a session:
In the Logs tab of the Logs & Monitor view, see the Suppressed Logs field of the log.
To configure the session duration:
To see logs from Application Control and URL Filtering:
Go to the Logs tab of the Logs & Monitor view, click the Favorites (star) icon, and select Predefined > Access > By Blade > Application Control or URL Filtering. The logs that you see depend on the Tracking Options that you configure in each Application Control and URL Filtering rule in the Access Control Policy Rule Base.
To see logs related to Application and URL Filtering Database updates on the Security Gateway:
Go to the Logs tab of the Logs & Monitor view, click the Favorites (star) icon, and select Predefined > Access > > System.
This also shows logs related to other system related issues, such as problems that the application detection service encounters.
To learn more about logging, see the R80 Logging and Monitoring Administration Guide.
SmartEvent has advanced analysis tools with filtering, charts, reporting, and statistics for all events.
The administrator must have HTTPS Inspection permissions to see data in HTTPS inspected traffic.
You can filter the Application Control and URL Filtering information for fast monitoring and useful reporting on application traffic.
We recommend that you use SmartEvent only for these purposes:
Use R80 SmartConsole for real-time event and log viewing.
To use SmartEvent, you must enable it on the Security Management Server or on a dedicated computer. See the R80 Logging and Monitoring Administration Guide.
To view Application and URL Filtering events in SmartEvent GUI:
The R80 SmartEvent opens.
The default view shows these panels:
You can customize the view and modify the filters as necessary. For more information, see the R80 Logging and Monitoring Administration Guide.
You can give an administrator permissions for:
To define an administrator with these permissions:
Create an administrator for R80 SmartConsole or one of the R80 SmartConsole clients.
If you create an administrator account through the Check Point Configuration Tool or the First Time Configuration Wizard, the authentication credentials are a username and a password. If you create it through the R80 SmartConsole, you can choose one of these authentication methods:
To create an administrator account using R80 SmartConsole:
The Administrators pane shows by default.
The New Administrators window opens.
Note - This parameter is case-sensitive.
Note - If you do not do this, the administrator will not be able to log in to R80 SmartConsole or other R80 SmartConsole clients, such as SmartEvent.
To define an Authentication Method:
Select one of the methods and follow the instructions in Configuring Authentication Methods for Administrators.
To create a Certificate:
In the Certificate Information section, click Create, enter a password, and save the certificate to a secure location.
The default expiration date shows, as defined in the Default Expiration Settings. After the expiration date, the account is no longer authorized to access network resources and applications.
To change an existing administrator account:
The Administrators properties window opens.
Administrators with Super User permissions can create, edit, or delete permission profiles.
To create a new permission profile:
The New Profile window opens.
To change a permission profile:
To delete a permission profile:
You cannot delete a profile that is assigned to an administrator. To see which administrators use a profile, in the error message, click Where Used.
If the profile is not assigned to administrators, a confirmation window opens.
In the Profile object, select the features and the Read or Write administrator permissions for them.
Monitoring and Logging Features
These are some of the available features:
Events and Reports Features
These are the permissions for the SmartEvent GUI:
To assign a permission profile to an administrator:
The Administrators properties window opens.