Checkpoint bandwidth report showing incorrect KBytes information

3 years ago

Originally Published: 2009-03-16

Article Number

000044118

Applies To

enVision 3.5.x, 3.7.x

Issue

Try to generate "Firewall-1 -Bandwidth Usage by Address" report with correct KBytes information
You are collecting logs from checkpoint firewall. However when you try to run this report, you see all the KBytes field are set to 1.

Cause

When collecting logs from the checkpoint device, the following messages ID need to be collected. They contain bandwidth information (in bytes) for enVision to calculate

031060
031080
060010
060020
060030
070500

Resolution

There could be 2 reasons why these messages are not in the database

Those message have not being logged in the Checkpoint device. Please contact Checkpoint administrator to ensure these messages ID have being logged
Customer is using outdated event source update and thus can~{!/~}t save these messages into the database propoerly. Please ensure to have updated with the latest event source update to see if we can save these messages properly

For reference, a sample of these messages is below:

~{!0~}

Apr 23 11:50:37 [10.10.50.32] Apr 23 2004 12:00:37: %CHKPNT-6-060010: TCP Connection src 10.10.50.129/80 gaddr 210.67.241.200 dst 210.67.241.200/23 duration 30 bytes 200

Apr 23 11:49:22 [10.10.50.32] Apr 23 2004 10:23:27: %CHKPNT-6-060020: accept,NIE-2500,inbound,E100B0,10.10.50.199,138,10.10.50.245,138,nbdatagram,udp,2,100, , , , ,enc_failure, , , , ,user,message_info, , , , , , , , , , , , ,1,VPN-1, , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,"

~{!0~}

The numbers in bold show the bytes value and it~{!/~}s used by enVision to calculate the bandwidth.

Don't see what you're looking for?

Related Articles

Trending Articles