|
|
|
In This Section: |
You can create rich and customizable views and reports for log and event monitoring, that inform key stakeholders about security activities.
The views are available from two locations:
Where Server IP is IP address of the Security Management Server or SmartEvent server.
For a quick overview of Views and Reports in R80, see the online tutorial.
To allow SmartEvent views and reports, you must install and configure a SmartEvent Server. For the details, see Deploying SmartEvent.
In the Logs & Monitor view, click the (+) tab to open a catalog of all views and reports, predefined and customized. Click a view or report to open it.
Item |
Description |
|---|---|
1 |
Open Log View - See and search through the logs from all Log Servers. You can also search the logs from a Log Server that you choose. Open Audit Logs View - See and search records of actions done by SmartConsole administrators. These views come from the Log Servers. Other views come from the SmartEvent Server. |
2 |
Compliance View - Optimize your security settings and ensure compliance with regulatory requirements. |
3 |
Views - The list of predefined and customized views. A view is an interactive dashboard made up of widgets. The view tells administrators and other stakeholders about security and network events. Each widget is the output of a query. Widgets can show the information as a graph, table, or some other format. To find out more about the events, double-click a widget to drill down to a more specific view or raw log files. |
4 |
Reports - The list of predefined and customized reports. A report has multiple views, and applies to the time that the report is generated. It gives more details than a view. There are several predefined reports, and you can create new reports. Reports can be customized, filtered, generated and scheduled. You cannot drill down into a report. A report is divided onto pages. |
5 |
Favorites - Use this view to collect the views and reports you use the most. |
6 |
Switch to Table View or Thumbnails View - The Table view is the default for views and reports. The Thumbnails view is the default for the Favorites and Recents. |
7 |
External Apps
|
Views tells administrators and other stakeholders about security and network events. A view is an interactive dashboard made up of widgets. Each widget is the output of a query. A Widget can show information in different formats, for example, a graph or a table.
SmartConsole comes with several predefined views. You can create new views that match your needs, or you can customize an existing view.
In the Logs & Monitor view, clicking the (+) tab opens a catalog of all views and reports, predefined and customized. Click a view to open it.
Item |
Description |
|---|---|
1 |
Widget- The output of a query. A Widget can show information in different formats, for example, a graph or a table. |
2 |
Drill Down - To find out more about the events, double-click a widget to drill down to a more specific view or raw log files. |
3 |
Options - Customize the view |
4 |
Queries - Predefined and favorite search queries |
5 |
Time Period - Specify the time periods for the view. |
6 |
Query search bar - Define custom queries using the GUI tools, or manually entering query criteria. Shows the query definition for the most recent query. |
Customize your views according to these options:
Click Edit to switch to view edit mode.
SmartConsole saves an administrator's customized views.
The No page limit option shows more results by spreading them across a number of pages.
To export the view layout and widget definitions to a file, use the Export option
To import the file from another server, or from another administrator, use the Import option in the Catalog (new tab).
The Save as PDF option saves the current view as a PDF file, based on the defined filters and time frame.
A report has multiple pages, and applies to the time that the report is generated. There are several predefined reports, and you can create new reports. A report gives more details than a view. Reports can be customized, filtered, generated and scheduled. You cannot drill down into a report.
In the Logs & Monitor view, clicking the (+) tab opens a catalog of all views and reports, predefined and customized. Double-click a report to open it.
Item |
Description |
|---|---|
1 |
Preview bar - A report is divided onto pages, usually, one view on one page. Editing a report is done per page, in the same way as you edit a view. |
2 |
Options - Customize, and generate a report. |
3 |
Time Period - Specify the time periods for the report. |
4 |
Query Search bar - Define custom queries using the GUI tools, or manually entering query criteria. Shows the query definition for the most recent query. |
Customize your reports according to these options:
Click Edit to switch to the report edit mode.
To customize widgets, see: Customizing Widgets
SmartConsole saves an administrator's customized reports. To share customized reports with other administrators, use the Export and Import options.
Report Settings
Reports can be configured according to these options:
You can also add or remove pages by clicking one of these:
Note -
See: Generating a Report
You can filter based on User Groups.
To enable this feature, you must first do initial configuration steps.
To configure SmartEvent for user group filtering:
To generate reports filtered by user groups:
The generated report is based on users mapped to the selected groups.
To define a scheduled report filtered by user groups:
The User Group name typically starts with the prefix "ad_".
The Filter icon is on the toolbar, above the report page selection area.
Note: In the Generate a Report window, make sure that the User Group filter is defined as Any.
SmartEvent automatically downloads new predefined reports and updates to existing predefined reports. To use this feature, the SmartEvent client computer must be connected to the Internet.
You can configure reports to show your company logo on report cover pages. The Check Point logo shows on report cover pages.
To add a logo to your reports:
cover-company-logo.png.$RTDIR/smartview/conf directory on the SmartEvent server.Note: The best image dimensions are 152 pixels wide by 94 pixels high.
To export the view layout and widget definitions to a file, use the Export option
To import the file from another server, or from another administrator, use the Import option in the Catalog (new tab).
You can use predefined graphical report templates in the SmartEvent GUI for the most frequently seen security issues. Try these before you create a customized report.
Generate a predefined report in the SmartEvent GUI if you want to schedule it.
To generate a predefined report:
Your reports are saved in the Report History.
To schedule a report you need to define and edit it in the SmartEvent GUI client.
Note - Reports in the SmartEvent GUI client are different from reports in SmartConsole or the SmartView Web Application. To customize a report before scheduling, edit the report in the SmartEvent GUI client:
To schedule a report:
The Schedule and Email settings configuration window opens.
.
The Network Activity report shows important firewall connections. For example, top sources, destinations, and services. To create this report, SmartEvent must first index the firewall logs.
To enable the Network Activity Report :
Note - this configuration increases the number of events per day by about five times. To avoid a performance impact, make sure the hardware can handle the load.
You can configure SmartEvent to automatically send reports by email to specified, default recipients each time the report runs. Use this procedure to define the default recipient addresses and the SMTP server connection.
To configure email server settings:
The sender email address shows on all report emails sent by SmartEvent.
You can enter more than one email address in each field, separated by semicolons.