Benefits
Split-second search results provide visibility into billions of log records
- Simple and intuitive Google-like search experience
- Split-second search results from any log field
- Tuned for large-scale environments
- Find records over multiple log files, time periods, gateways and domains
- Look for patterns by action, user, time or geography
- Top-level statistical display on search results
- Real-time security logging of all connections and administrator activity
- Flexible control of the location and size of log storage
- Integrates with third-party security logging solutions via OPSEC LEA API
- Centrally track security activity across all Software Blades
- Unified log search and investigation in Multi-Domain environments
- Part of Check Point's unified Security Management Suite
SmartLog is a powerful, easy to use Log Management tool that reads logs generated by Check Point and OPSEC log-generating products, and enables enterprises to centrally track log records across all Software Blades with:
- Split-second search results that provide instant visibility into billions of log records
- Intuitive search experience with real-time search results from any log field.
- Ability to search multiple log files, time periods, gateways, domains, actions, users or geographies for proactive security investigation.
SmartLog provides simple and intuitive split-second Google-like search and filtering results for instant visibility of security status. Textual search is available on all log records and fields, along with real-time log indexing. SmartLog has a scalable and robust architecture that can search billions of log records. This dramatically reduces the time required to troubleshoot configuration errors.
SmartLog provides real-time log tracking of all logged connections and activity where administrators can search for events of interest. Proactive security investigation allows for analysis of communication patterns over multiple log files, time periods, gateways and domains with top-level statistical display. Search results can be drilled down to a single log record and log filters/queries can be saved for future use. The timeline view provides clear understanding and orientation of results. These features dramatically reduce troubleshooting time.
SmartLog comes with many predefined queries that are ready to run right out of the box. You can also create your own custom queries and save them for future use.
Monitor communication patterns over multiple log files, time periods, gateways and domains for proactive security investigation. Search results can be queried to a single log record and can be saved for future use.
SmartLog is part of the SmartConsole suite, available at no extra charge with the Logging and Status Software Blade, R75.40 and later. No additional configuration is necessary – administrators simply enable SmartLog on their management or log server, saving time and reducing costs by leveraging existing security systems.
The Logging and Status Software Blade is an integral component of Check Point Security Management Systems. Check Point’s unified security management system enables centralized tracking for all software blades from one console. The Logging and Status Software Blade can be easily activated on existing Check Point Security Gateways and Management Servers saving time and reducing costs by leveraging existing security infrastructure.
How It Works

| Managed Gateways | 5 | 10 | 25 | 50 | 150+ |
|---|---|---|---|---|---|
| Device Storage | 1x1TB | 1x2TB | 2x2TB | 4x2TB | up to 12x2TB (RAID60) |
| Log File Partition Size | 700GB | 1.6TB | 1.465TB | 2.93TB | up to 12 TB |
| GB of Logs/Day (Indexed) | 3 | 5 | 11 | 26¹ | 44¹ |

¹ In Multi-Domain configuration

| Feature | Details |
|---|---|
| Log format | As defined in the OPSEC LEA API |
| Packet capture | Available for IPS events |
| Log types | Connection, active, audit and others depending on product |
| Event notification types | Log, alert, SNMP trap, email, and user-defined script |
| Granular log options | Security policy rulebase globally for implied rules and other options |
| Secure log transport | Via the Check Point Secure Internal Infrastructure |
| Automatic log switching | Up to 2 GB (default), configurable |
| Log switch | Manual or automatic at a specific time or size |
| Log file maintenance | Maintain a free percentage of disk space, specify alerts to keep for specified days and run a user-defined script |
| Backup log servers | Store locally or send to alternate log servers |
| Predefined and customizable log queries | Predefined by product |
| Customizable log filters | By log field |
| Remote log file management | Switch, view, and retrieve from Tracker |
| Default and user-defined tools | Ping, whois and nslookup |
| Internet Protocol versions | IPv6 and IPv4 |