VoIP Logs and Queries in SmartConsole

Logs in SmartConsole

Logs show detailed, protocol-specific information for VoIP traffic. There are pre-configured VoIP log queries that supply enhanced troubleshooting capabilities.

To enable VoIP logging of VoIP calls:

1. In SmartConsole Check Point GUI application used to manage a Check Point environment - configure Security Policies, configure devices, monitor products and events, install updates, and so on., in the Security Policies tab, select your rule Set of traffic parameters and other conditions in a Rule Base (Security Policy) that cause specified actions to be taken for a communication session..

2. From the Track column, select Log.

Note - If VoIP logging is disabled, only standard logging takes place. Standard logging includes the Source, Destination, and protocol information.

Logs are available for all protocols.

Queries from SmartConsole

To view preconfigured queries:

• In SmartConsole, in the Logs & Monitor tab, select Queries.

• In the Predefined list, the queries show.

  You can also add queries to your Favorite Queries list.

To add queries to your Favorites list:

1. In the Logs & Monitor tab, select Queries.

2. Select the query that you want to add to your favorites list.

   That query shows in the window.

3. Select Queries > Add to Favorites.

4. Configure the fields in the Add to Favorites window that opens.

5. Select Add.

   Important - There are no logs available for RTP call sessions in SmartConsole, but you can find additional information from the Security Gateway Dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources..

   Predefined Query	Type	When Sent	Shows
   Registration Session	Accept logs	After successful registration.	Registration IP address, phone number, port, and transport protocol (TCP/UDP). Registration period (seconds). IP address of the registrar server.
   Other Session	Accept logs	After response to SIP requests. Such as: Message or Update Response to MGCP commands	Source IP address, port, and phone number. Destination IP address, port and phone number. SIP method or MGCP command type.
   Security Events	Drop or Detect logs	Inspection Settings VoIP protection has detected a violation.	Source IP address, port and phone number. Destination IP address, port and phone number. Reason for log (Attack and Attack Information fields).
   Call Session	Accept logs	After a call is established, and updated after the call is closed.	Source IP address, port and phone number. Destination IP address, port and phone number. State of call (open/closed), duration (seconds), direction (Inbound/Outbound), media. (If there are multiple media streams, shows data of the first one only.)
   Policy Events	Drop or Detect logs	VoIP policy has detected a violation.	Source IP address, port and phone number. Destination IP address, port and phone number. Reason for log (VoIP Reject Reason and VoIP Reject Reason Information fields). Short configuration guidelines.

For complete information about logs and queries, see the R81 Logging and Monitoring Administration Guide.