Using the Logs View

In SmartConsole:

  1. Go to Logs and Monitoring > View.

  2. Click New, and select New View.

  3. In the New View window, enter:

    • Name

    • Category - For example, select Access Control

    • Description (optional)

  4. In the new window that opens, create a query. Click Options > View Filter and select blade and app control.

  5. Click Add Widget to customize how you see the data that comes back from the query.

    Start with a Timeline of all events.

    In Table, you can create a table that contains multiple fields such as user, application name, and the amount of traffic. There are more widgets you can use: map, infographic, rich text, chart, and container (for multiple widgets).

    After you save the dashboard (Done), you can schedule it and get it by automatic email at multiple intervals.

This is an example of the Logs view.

Item   Description

1      Queries - Predefined and favorite search queries.

2      Time Period - Search with predefined custom time periods.

3      Query search bar - Define custom queries in this field. You can use the GUI tools or manually enter query criteria. Shows the query definition for the most recent query.

4      Log statistics pane - Shows top results of the most recent query.

5      Results pane - Shows log entries for the most recent query.

Note - On a Security Management Server with the "Enable Log Indexing" option not selected, and a dedicated Log Server with the "Enable Log Indexing" option selected: When you connect with SmartConsole to the Security Management Server, the Logs view shows the logs of individual log files. It is not possible to get a unified view of all the logs.

Notes:

  • The selected "Default Time Frame" values are not synchronized between SmartConsole and SmartView. In SmartConsole, the export time of log records is based on the "Default Time Frame" that the user selected in SmartView (in the top right corner, click the user icon > click "User Preferences").

  • The "Default Time Frame" configuration is not synchronized between the Primary / Secondary Management Server or Dedicated Log Server / Dedicated SmartEvent Servers.

  • On a Multi-Domain Security Management Server, the "Default Time Frame" configuration is saved for each Domain for each user.

    Example:

    1. In SmartView "User Preferences", you selected "Last 7 Days".

    2. In SmartConsole "Logs" tab, you selected "Today".

    3. In SmartConsole you export the log records.

      These records are exported for the last 7 days.