Log Sessions

A session is a user's activity at a specified site or with a specified application. The session starts when a user connects to an application or to a site. The Security Gateway Dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources. includes all the activity that the user does in the session in one session log (in contrast to the Security Gateway log, which shows top sources, destinations, and services).

To search for log sessions:

In the Logs tab of the Logs & Monitor view, enter:

type:Session

To see details of the log session:

In the Logs tab of the Logs & Monitor view, select a session log.

In the bottom pane of the Logs tab, click the tabs to see details of the session log:

• Connections - Shows all the connections in the session. These show if Per connection is selected in the Track option of the rule Set of traffic parameters and other conditions in a Rule Base (Security Policy) that cause specified actions to be taken for a communication session..

• URLs - Shows all the URLs in the session. These show if Extended Log is selected in the Track option of the rule.

• Files - Shows all the files uploaded or downloaded in the session. These show if Extended Log is selected in the Track option of the rule, or if a Data Type Classification of data in a Check Point Security Policy for the Content Awareness Software Blade. was matched on the connection.

To see the session log for a connection that is part of a session:

1. In the Logs tab of the Logs & Monitor view, double-click on the log record of a connection that is part of a session.

2. In the Log Details, click the session icon (in the top-right corner) to search for the session log in a new tab.

To configure the session timeout:

By default, after a session continues for three hours, the Security Gateway starts a new session log. You can change this in SmartConsole Check Point GUI application used to manage a Check Point environment - configure Security Policies, configure devices, monitor products and events, install updates, and so on. from the Manage & Settings view, in Blades > Application & URL Filtering > Advanced Settings > General > Connection unification.