Command Auditing (asg log audit)
Use the CLI command auditing to:
-
Notify users about critical actions they are about to do
-
Obtain confirmation for critical actions
-
Create forensic logs
If users confirm the action, it is necessary to supply their names and provide a reason for running the command.
If the command affects a Critical Device (Pnote), a second confirmation can be required.
For example, if you use administrative privileges to change the state of a Security Group
A logical group of Security Appliances that provides Active/Active cluster functionality. A Security Group can contain one or more Security Appliances. Security Groups work separately and independently from each other. To the production networks, a Security Group appears a single Security Gateway. Every Security Group contains: (A) Applicable Uplink ports, to which your production networks are connected; (B) Security Appliances (the Quantum Maestro Orchestrator determines the applicable Downlink ports automatically); (C) Applicable management port, to which the Check Point Management Server is connected. Member to DOWN, the output looks like this:
|
[Expert@MyChassis-ch0x-0x:0]# asg_sgm_admin -b 2_01 down You are about to perform sgm_admin down on blades: 2_01
Are you sure? (y - yes, any other key - no) y
sgm_admin down requires auditing Enter your full name: John Smith Enter reason for sgm_admin down [Maintenance]: Maintenance WARNING: sgm_admin down on SGM |
Description
Use the "asg log audit" command to see the audit logs.
Syntax
|
|
Example