Tracking Options
Select these options in the Track column of a rule Set of traffic parameters and other conditions in a Rule Base (Security Policy) that cause specified actions to be taken for a communication session.:
-
None - Do not generate a log.
-
Log -This is the default Track option. It shows all the information that the Security Gateway Dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources. used to match the connection. At a minimum, this is the Source, Destination, Source Port, and Destination Port. If there is a match on a rule that specifies an application, a session log shows the application name (for example, Dropbox). If there is a match on a rule that specifies a Data Type Classification of data in a Check Point Security Policy for the Content Awareness Software Blade., the session log shows information about the files, and the contents of the files.
-
Accounting - Select this to update the log at 10 minutes intervals, to show how much data has passed in the connection: Upload bytes, Download bytes, and browse time.
Note - When upgrading from R77.X or from R80 versions to R81, there are changes to the behavior of the options in the Track column. To learn more see sk116580.
Advanced Track options
Detailed Log and Extended Log are only available if one or more of these Blades are enabled on the Layer: Application & URL Filtering, Content Awareness, or Mobile Access.
-
Detailed Log -Equivalent to the Log option, but also shows the application that matched the connections, even if the rule does not specify an application. Best Practice - Use for a cleanup rule (Any/internet/Accept) of an Applications and URL Filtering Check Point Software Blade on a Security Gateway that allows granular control over which web sites can be accessed by a given group of users, computers or networks. Acronym: URLF. Policy Layer that was upgraded from an R77 Application Control Check Point Software Blade on a Security Gateway that allows granular control over specific web-enabled applications by using deep packet inspection. Acronym: APPI. Rule Base All rules configured in a given Security Policy. Synonym: Rulebase..
-
Extended Log -Equivalent to the Detailed option, but also shows a full list of URLs and files in the connection or the session. The URLs and files show in the lower pane of the Logs view.
Log Generation
-
per Connection - Select this to show a different log for each connection in the session. This is the default for rules in a Layer with only Firewall enabled. These are basic Firewall logs.
-
per Session - Select this to generate one log for all the connections in the same session (see Log Sessions). This is the default for rules in a Layer with Application & URL Filtering or Content Awareness enabled. These are basic Application Control logs.
Alert:
For each alert option, you can define a script in > Global properties > Log and Alert > Alerts.
-
None - Do not generate an alert.
-
Alert - Generate a log of type Alert and run a command, such as: Show a popup window, send an email alert or an SNMP trap alert, or run a user-defined script as defined in the Global Properties.
-
SNMP - Generate a log of type Alert and send an SNMP alert to the SNMP GUI, as defined in the Global Properties.
-
Mail - Generate a log of type Alert and send an email to the administrator, as defined in the Global Properties.
-
User Defined Alert - Generate a log of type Alert and send one of three possible customized alerts. The alerts are defined by the scripts specified in the Global Properties.