Javier Santiago

CheckPoint Firewall Log - Rule Name field

Discussion created by Javier Santiago on Oct 20, 2010
Latest reply on Oct 31, 2010 by RSA Admin

We need to query/report CheckPoint firewall logs and use the rulename field to identify the traffic hitting each rule. The rulename field is not being populated in enVision. We don't want to rely on the rule id field because the rule number can change as firewall rules are added and deleted. Does anyone know if enVision is collecting/parsing the rulename field for CheckPoint devices?
