The Check Point Logging and Status Software Blade transforms data into security intelligence with SmartLog, an advanced log analyzer that delivers split-second search results providing real-time visibility into billions of log records over multiple time periods and domains.

Benefits

Split-second search results provide visibility into billions of log records
  • Simple and intuitive Google-like search experience
  • Split-second search results from any log field
  • Tuned for large-scale environments
Analyze patterns from multiple log files for proactive security investigation
  • Find records over multiple log files, time periods, gateways and domains
  • Look for patterns by action, user, time or geography
  • Top-level statistical display on search results
Real-time visibility of security activity reduces troubleshooting time
  • Real-time security logging of all connections and administrator activity
  • Flexible control of the location and size of log storage
  • Integrates with third-party security logging solutions via OPSEC LEA API
Integral part of Check Point Security Management
  • Centrally track security activity across all Software Blades
  • Unified log search and investigation in Multi-Domain environments
  • Part of Check Point's unified Security Management Suite

Features

SmartLog is a powerful, easy to use Log Management tool that reads logs generated by Check Point and OPSEC log-generating products, and enables enterprises to centrally track log records across all Software Blades with:

  • Split-second search results that provide instant visibility into billions of log records
  • Intuitive search experience with real-time search results from any log field
  • Ability to search multiple log files, time periods, gateways, domains, actions, users or geographies for proactive security investigation

SmartLog provides simple and intuitive split-second Google-like search and filtering results for instant visibility of security status. Textual search is available on all log records and fields, along with real-time log indexing. SmartLog has a scalable and robust architecture that can search billions of log records. This dramatically reduces the time required to troubleshoot configuration errors.

SmartLog provides real-time log tracking of all logged connections and activity where administrators can search for events of interest. Proactive security investigation allows for analysis of communication patterns over multiple log files, time periods, gateways and domains with top-level statistical display. Search results can be drilled down to a single log record and log filters/queries can be saved for future use.  The timeline view provides clear understanding and orientation of results.  These features dramatically reduce troubleshooting time.

SmartLog comes with many predefined queries that are ready to run right out of the box.  You can also create your own custom queries and save them for future use.

Monitor communication patterns over multiple log files, time periods, gateways and domains for proactive security investigation. Search results can be drilled down to a single log record and saved for future use.

SmartLog is part of the SmartConsole suite, available at no extra charge with the Logging and Status Software Blade, R75.40 and later. No additional configuration is necessary – administrators simply enable SmartLog on their management or log server, saving time and reducing costs by leveraging existing security systems.

The Logging and Status Software Blade is an integral component of Check Point Security Management Systems. Check Point’s unified security management system enables centralized tracking for all software blades from one console.  The Logging and Status Software Blade can be easily activated on existing Check Point Security Gateways and Management Servers saving time and reducing costs by leveraging existing security infrastructure.

How It Works

[Figure: how SmartLog works]

Specifications

| Appliance | 205 | 210 | 225 | 3050 | 3150 |
|---|---|---|---|---|---|
| Managed Gateways | 5 | 10 | 25 | 50 | 150+ |
| Device Storage | 1x1TB | 1x2TB | 2x2TB | 4x2TB | up to 12x2TB (RAID60) (default 6x2TB) |
| Log File Partition Size | 700GB | 1.6TB | 1.465TB | 2.93TB | up to 12 TB (default 6.4TB) |

GB of Logs/Day (Indexed)3511261441

1 In Multi-Domain configuration

| Feature | Details |
|---|---|
| Log format | As defined in the OPSEC LEA API |
| Packet capture | Available for IPS events |
| Log types | Connection, active, audit and others depending on product |
| Event notification types | Log, alert, SNMP trap, email, and user-defined script |
| Granular log options | Security policy rulebase globally for implied rules and other options |
| Secure log transport | Via the Check Point Secure Internal Infrastructure |
| Automatic log switching | Up to 2 GB (default), configurable |
| Log switch | Manual or automatic at a specific time or size |
| Log file maintenance | Maintain a free percentage of disk space, specify alerts to keep for specified days and run a user defined script |
| Backup log servers | Store locally or send to alternate log servers |
| Predefined and customizable log queries | Predefined by product |
| Customizable log filters | By log field |
| Remote log file management | Switch, view, and retrieve from Tracker |
| Default and user defined tools | Ping, whois and nslookup |
| Internet Protocol versions | IPv6 and IPv4 |