12. Check Point Getting Started R80.20. Logs & Reports
Welcome to the 12th lesson. Today we will talk about another very important topic: working with logs and reports. Sometimes this functionality is almost decisive when choosing a security product. Security engineers very much like a convenient reporting system and a functional search over various events, and it's hard to blame them. In fact, logs and reports are an essential element of security assessment: how can you judge the current level of security if you do not see what is happening? Fortunately, Check Point has this well covered, and then some. Check Point has one of the best reporting systems, and it works out of the box! At the same time, it is possible to customize and create your own reports! All this is complemented by a convenient and intuitive process of working with logs. But let's take everything in order.
Brand new interface
If you have worked with Check Point before, you were probably surprised by the completely new interface for working with logs and reports in R80. In the picture you can see how many different utilities are combined in the one new Logs & Monitor tab:
Logs & Monitor section
If you go to Logs & Monitor and open a new tab, then you should see something like the following:
By default there are two large sections:
- Audit Logs View – here you can find all events related to administrators logging in and out, configuration changes, etc., i.e. a classic audit of administrator actions.
- Logs View – this is where you search for the events "generated" by all of our enabled blades, be it the firewall, Anti-Virus, IPS, etc. We have already used this feature more than once.
In addition, there are also links to reports (Reports) and various dashboards (Views). These require the SmartEvent blade, but more on that later. First, let's deal with working with logs.
Search by logs
In my opinion, working with logs in R80 is a pleasure. We have a very smart search string that lets us filter by arbitrary text, by blade, and by any other indexed field such as source, destination, action, etc.
At the same time, we can build very complex search queries using the logical operators AND, OR and NOT. And for this you do not even need to type anything: the filter can be built in just a couple of mouse clicks. A little later we will try all of this out in practice.
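To make the AND/OR/NOT filtering concrete, here is an added example (not from the lesson and not Check Point's own code or query language): a small Python evaluator for a simplified `field:value` filter syntax with the three operators and parentheses, run over constructed log records. The field names `src`, `dst`, `action` and `blade` are assumptions standing in for the indexed columns mentioned above; the real SmartConsole search string is richer, but the precedence rules shown here (NOT binds tightest, then AND, then OR) are what make a multi-term filter mean what you expect.

```python
import re
# Constructed sample log records (not real Check Point output). The field names
# src/dst/action/blade are assumptions standing in for the indexed columns the
# lesson mentions (source, destination, action, blade).
LOGS = [
    {"src": "10.1.1.5", "dst": "8.8.8.8", "action": "Accept", "blade": "Firewall"},
    {"src": "10.1.1.5", "dst": "1.2.3.4", "action": "Drop", "blade": "Firewall"},
    {"src": "10.1.1.7", "dst": "1.2.3.4", "action": "Prevent", "blade": "IPS"},
    {"src": "10.1.1.9", "dst": "5.6.7.8", "action": "Detect", "blade": "Anti-Virus"},
]
# One token per match: field:"quoted value", field:value, parentheses, operators.
TOKEN = re.compile(r'\s*([\w.-]+:"[^"]*"|[\w.-]+:[\w.-]+|\(|\)|AND|OR|NOT)')
def tokenize(query):
    query, pos, tokens = query.strip(), 0, []
    while pos < len(query):
        m = TOKEN.match(query, pos)
        if not m: raise ValueError(f"bad query near {query[pos:]!r}")
        tokens.append(m.group(1)); pos = m.end()
    return tokens
def parse(query):  # compile a query into a predicate; precedence: NOT, AND, OR
    tokens, i = tokenize(query), 0
    def peek(): return tokens[i] if i < len(tokens) else None
    def take():
        nonlocal i
        if i >= len(tokens): raise ValueError("unexpected end of query")
        i += 1; return tokens[i - 1]
    def expr():  # expr := term (OR term)*
        preds = [term()]
        while peek() == "OR": take(); preds.append(term())
        return lambda log: any(p(log) for p in preds)
    def term():  # term := factor (AND factor)*
        preds = [factor()]
        while peek() == "AND": take(); preds.append(factor())
        return lambda log: all(p(log) for p in preds)
    def factor():  # factor := NOT factor | "(" expr ")" | field:value
        tok = take()
        if tok == "NOT": inner = factor(); return lambda log: not inner(log)
        if tok == "(":
            inner = expr()
            if take() != ")": raise ValueError("missing ')'")
            return inner
        field, value = tok.split(":", 1)
        value = value.strip('"').lower()  # case-insensitive match on the field
        return lambda log: str(log.get(field, "")).lower() == value
    pred = expr()
    if i != len(tokens): raise ValueError(f"unexpected token {tokens[i]!r}")
    return pred
def search(query, logs=LOGS):  # the records the Logs View would list for the query
    pred = parse(query); return [log for log in logs if pred(log)]
```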
Displaying log messages for an access list
We have also already appreciated the ability to display logs for a specific access list. It is incredibly convenient and you get used to it very quickly; it especially helps with troubleshooting. You select the access list you are interested in and see in the pane below whether the traffic in question matches it.
There is no need to go anywhere or make a complex filter for logs.
Views & Reports
Reporting and data visualization in Check Point are handled by the SmartEvent blade, which is activated on the management server. This functionality could be called a SIEM, but only for Check Point products! Technically, SmartEvent can also ingest logs from other systems (such as Cisco, Microsoft, etc.), but this is not a good idea 🙂 In practice it is very problematic. But SmartEvent handles Check Point's own logs just fine. It can correlate, sum, average and much more. And it all works out of the box! There are already ready-made dashboards that display the most important information. In Check Point they are called Views:
You can see that there is a fairly large number of default dashboards, which are very useful in daily administration and monitoring.
In addition to dashboards, where information is simply visualized, it is possible to generate full reports and save them in PDF or Excel format. You can generate them on a schedule and send them to any mailbox.
And the best part: you can create dashboards and reports yourself! I.e., you are not limited to the built-in ones. Not every vendor can boast of this. Moreover, the templates of these dashboards or reports can be imported or exported, which allows users to share their work. The process of creating dashboards is very simple and intuitive. I will try to show you this in the lab work, which you will find in the video tutorial below.