Split-second search results provide visibility into billions of log records
Analyze patterns from multiple log files for proactive security investigation
Real-time visibility of security activity reduces troubleshooting time
Integral part of Check Point Security Management
SmartLog is a powerful, easy-to-use Log Management tool that reads logs generated by Check Point and OPSEC log-generating products, and enables enterprises to centrally track log records across all Software Blades with:
SmartLog provides simple and intuitive split-second Google-like search and filtering results for instant visibility of security status. Textual search is available on all log records and fields, along with real-time log indexing. SmartLog has a scalable and robust architecture that can search billions of log records. This dramatically reduces the time required to troubleshoot configuration errors.
SmartLog provides real-time log tracking of all logged connections and activity where administrators can search for events of interest. Proactive security investigation allows for analysis of communication patterns over multiple log files, time periods, gateways and domains with top-level statistical display. Search results can be drilled down to a single log record and log filters/queries can be saved for future use. The timeline view provides clear understanding and orientation of results. These features dramatically reduce troubleshooting time.
SmartLog comes with many predefined queries that are ready to run right out of the box. You can also create your own custom queries and save them for future use.
Monitor communication patterns over multiple log files, time periods, gateways and domains for proactive security investigation. Search results can be queried to a single log record and can be saved for future use.
SmartLog is part of the SmartConsole suite, available at no extra charge with the Logging and Status Software Blade, R75.40 and later. No additional configuration is necessary – administrators simply enable SmartLog on their management or log server, saving time and reducing costs by leveraging existing security systems.
The Logging and Status Software Blade is an integral component of Check Point Security Management Systems. Check Point’s unified security management system enables centralized tracking for all software blades from one console. The Logging and Status Software Blade can be easily activated on existing Check Point Security Gateways and Management Servers, saving time and reducing costs by leveraging existing security infrastructure.
| Device Storage | 1x1TB | 1x2TB | 2x2TB | 4x2TB | up to 12x2TB (RAID60) (default 6x2TB) |
| Log File Partition Size | 700GB | 1.6TB | 1.465TB | 2.93TB | up to 12 TB (default 6.4TB) |
| GB of Logs/Day (Indexed) | 3 | 5 | 11 | 26¹ | 44¹ |

¹ In Multi-Domain configuration
| Log format | As defined in the OPSEC LEA API |
| Packet capture | Available for IPS events |
| Log types | Connection, active, audit and others depending on product |
| Event notification types | Log, alert, SNMP trap, email, and user-defined script |
| Granular log options | Security policy rulebase globally for implied rules and other options |
| Secure log transport | Via the Check Point Secure Internal Infrastructure |
| Automatic log switching | Up to 2 GB (default), configurable |
| Log switch | Manual or automatic at a specific time or size |
| Log file maintenance | Maintain a free percentage of disk space, specify alerts to keep for specified days and run a user-defined script |
| Backup log servers | Store locally or send to alternate log servers |
| Predefined and customizable log queries | Predefined by product |
| Customizable log filters | By log field |
| Remote log file management | Switch, view, and retrieve from Tracker |
| Default and user-defined tools | Ping, whois and nslookup |
| Internet Protocol versions | IPv6 and IPv4 |