Home Page | Skip to Navigation | Skip to Content | Skip to Search | Skip to Footer

Current Release Note Information on SmartView Reporter

Platforms
The Reporting Client can be installed on Windows 95, Windows 98, or Windows NT platforms. The Reporting Server can only be installed on Windows NT.

VPN-1/FireWall-1 Compatibility
This version of the SmartView Reporter is compatible with the following Management Servers and VPN/FireWall Modules:

  • VPN-1/FireWall-1 Version 4.1
  • VPN-1/FireWall-1 Version 4.0 SP2 or higher

If you configure a VPN-1/FireWall-1 Version 4.0 Management Server on Solaris to communicate with a Reporting Station on Windows NT, you must read the log files using the external file option from the Log Consolidation GUI. This restriction will be removed in a future service pack.

Compatibility with pre-Version 4.0 VPN/FireWall Modules
It is NOT recommended to use the SmartView Reporter with log data from VPN/FireWall Modules Version 3.0 or before. In Version 3.0, the log and accounting messages do not include a marker that enables the Log Consolidator Engine to identify entries that appear in both log and accounting files.

If an event generated an entry in both the log and accounting files, the Log Consolidator Engine consolidates both entries, creating duplicate records in the Database. This will result in inaccurate reports in some instances.

Licenses
Standard Configuration
To install the SmartView Reporter 4.1 license, run rt_license.exe in the Reporting Server directory (for example, C:\Program Files\CheckPoint\Reporting Server ) as follows:

rt_license.exe putlic <SmartView Reporter License details>

For example:

rt_license.exe putlic 190.144.33.11 never aYyLQrpeF-L5NmHDHjF-F4SYajnVf-wcRarMEti fw1:4.1:rmu CK-CHECK-POINT

Run the rt_license.exe printlic command to verify that the license was updated.

If you are installing the license on a VPN-1/FireWall-1 Version 4.1 Management Server, you can also use the Check Point Configuration Tool to enter the license.

Standalone Reporting Station Configuration
In this configuration, you will need to install an additional license for a "reduced-functionality" VPN-1/FireWall-1 Management Server that can only perform logging functions.

First, install the SmartView Reporter license as explained above in See Standard Configuration above. Next, install the FireWall-1 Management Server on an additional platform and use fw.exe in the VPN-1/FireWall-1 bin directory on the Reporting Server machine to install the license.

For example, on VPN-1/FireWall-1 Version 4.0 SP2 or higher Management Server, proceed as follows:

fw putlic eval 37b6b89a-4263c1b1-7e9bfe23 3rdcmd
fw putlic eval 37b6d9bd-c546b679-47c76a05 ca

On a Version 4.1 or higher Management Server, you would simply install the license using the Check Point Configuration Tool.

See also the "Installation" chapter of Getting Started with Check Point SmartView Reporter for more details on licensing the SmartView Reporter.

Documentation
The following books are available in PDF format on the CD:
  • Getting Started with the Check Point SmartView Reporter

This document describes the overall product architecture, product components, installation procedure, and a step by step tutorial.

  • Check Point SmartView Reporter Administrator's Guide

This document includes chapters on defining and distributing reports, using the Log Consolidation features and additional reference information.

Online help is available for both the Log Consolidator and the Reporting Tool.

Working with Sample Connection Data
The SmartView Reporter includes a sample data (CON_DEMO connection table) of consolidated log entries from January 1, 1999 to February 19, 1999. Before you start creating reports from log files of VPN-1/FireWall-1, you can generate trial reports with the sample data to familiarize yourself with the product.

There are two ways to generate reports using the demo connection table:

Per Report
You can modify advanced report generation parameters per report. In this case, the sample connection data is retrieved from the demo connection table only for the generated report. To use the sample data per report, proceed as follows:
Open the report definition.
  1. Choose Show Current Report from the Run menu.
  2. In the Runtime Parameters window, click on Advanced Options. The Advanced Options window is displayed.
  3. In Connection Table, choose CON_DEMO from the drop-down box.

Note
The Log Consolidator continues to load records to the CON_CONNECTION (default connection table), even if you modify the RTGen.conf file. If you want to generate reports using your own consolidated data, you must modify the RTGen.conf file once again to use the CON_CONNECTION table.

All Reports
You can modify general report generation parameters to use the demo connection table for all reports.

To use the sample data for all reports, modify the CONNECTION_TABLE attribute in the file RTGen.conf as follows:

CONNECTION_TABLE = "CON_DEMO"

This file specifies the general report generation parameters. Data for all reports is automatically retrieved from the connection table specified in the CONNECTION_TABLE attribute.

Reinstallation
Every installation of the Reporting Server on a machine where the product was previous installed will delete the previous installation data. The Reporting Server 4.1 installation loads an empty database, "out-of-the box" Consolidation Policy and pre-defined report definitions.

If the Beta version of SmartView Reporter is installed, it is recommended to uninstall the Beta before installing the released version. If for some reason you install this version and need to install it again, please be aware that you will lose all information in the database unless the following steps are taken:

Save original log files in the $FWDIR/log directory. Do not rename the log files.
  1. Export your own report definitions to a backup location. You can import the report definition files after you re-install the software.
  2. Back up the Consolidation Policy (*.conf ) files from the
    ...\Reporting Server\Log Consolidator Engine\conf directory.
Upgrading
When upgrading VPN-1/FireWall-1 Version 4.0 installation on which a Reporting Server was installed, to VPN-1/FireWall-1 Version 4.1, the Consolidation Engine GUI no longer functions. To solve this problem, proceed as follows:

Append the text in the file
..\Reporting Server\Log Consolidator Engine\conf\fwmaddon (for example: c:\Program Files\CheckPoint\Reporting Server\Log Consolidator Engine\conf\fwmaddon )
to the file $FWDIR\conf\fwmaddon.

This can be done using standard text editors.

Restrictions
General
If you have modified VPN-1/FireWall-1 administration information (for example, Reporting GUI clients or administrators), you must stop and restart the Reporting Server in order for the changes to take effect.

To access the added or changed FireWall-1 objects from SmartView Reporter, it is necessary to wait for the Reporting Server to refresh the FireWall-1 objects. The default refresh cycle is set to 15 minutes. Then, you must exit and restart the Reporting Tool (GUI) in order to access the updated VPN-1/FireWall-1 objects. For immediate update, stop and restart the Reporting Server service as well as the Reporting Tool.

Administrator Permissions
If you are using SmartView Reporter with VPN-1/FireWall-1 Version 4.1, you can use the Check Point Configuration Tool to specify the permissions for the Reporting Tool and Log Consolidator.

GUI Clients

  1. Reporting Clients must also be defined as permitted GUI clients on the VPN-1/FireWall-1 Management Server. Clients are defined in the GUI Clients tab of the Check Point configuration application. After defining a new GUI client, you must stop and restart the Reporting Server.
  2. If you define a graph report, add a graph, and select a customer in the Criteria tab (with the mouse), the Reporting Tool can get stuck and will consume 100% of CPU.
Workaround
Click another field in the Criteria tab before moving to the customer selection, or use the keyboard to navigate in the fields.
  1. To see the "modified" selection criteria (only if Ask on Activation is checked) as default in the Run Time Parameters, you must close and re-open the report definition.
  2. Under certain circumstances, the criteria summary at the end of the report may not display the correct resolved values.
  3. If a VPN-1/FireWall-1 network object used in the SmartView Reporter is deleted in VPN-1/FireWall-1, it will be shown in reports as follows:
  4. If the deleted object is of type workstation, the saved IP address will be used.
  5. If the deleted object is of type network or address range, the first IP address of the range will be used. For all other objects, the network object name will be used in the report.

Source and Destination Criteria
Domain and Gateway Cluster objects cannot be used as selection criteria.

Criteria Tab
If you have deleted customers (marked as "(D)" in the customer tree), do not use the Whole Organization option since the report will include the wrong customers.

Workaround
Manually select the customers that should be represented in the report. Make sure that the Whole Organization check box is unchecked.

Target Tab
If a printer is missing in the printers list, see "Access to Printers" in Getting Started with the Check Point SmartView Reporter for information on adding a printer to the list.