Check Point NGX Eventia Reporter User Guide
7/31/2019 Checkpoint NGX Even Ti Are Porter User Guide
Eventia Reporter
NGX (R60)
For additional technical information about Check Point products, consult Check Point's SecureKnowledge at:
https://secureknowledge.checkpoint.com
See the latest version of this document in the User Center at:
http://www.checkpoint.com/support/technical/documents/docs_r60.html
Part No.: 701312
May 2005
Check Point Software Technologies Ltd.
U.S. Headquarters: 800 Bridge Parkway, Redwood City, CA 94065, Tel: (650) 628-2000 Fax: (650) 654-4233, [email protected]
Headquarters: 3A Jabotinsky Street, Ramat Gan, 52520, Israel, Tel: 972-3-753 4555 Fax: 972-3-575 9256, http://www.checkpoint.com
2003-2005 Check Point Software Technologies Ltd.
All rights reserved. This product and related documentation are protected by copyright and distributed under licensing restricting their use, copying, distribution, and decompilation. No part of this product or related documentation may be reproduced in any form or by any means without prior written authorization of Check Point. While every precaution has been taken in the preparation of this book, Check Point assumes no responsibility for errors or omissions. This publication and features described herein are subject to change without notice.
RESTRICTED RIGHTS LEGEND:
Use, duplication, or disclosure by the government is subject to restrictions as set forth in subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013 and FAR 52.227-19.
TRADEMARKS:
2003-2005 Check Point Software Technologies Ltd. All rights reserved.
Check Point, Application Intelligence, Check Point Express, the Check Point logo, AlertAdvisor, ClusterXL, Cooperative Enforcement, ConnectControl, Connectra, CoSa, Cooperative Security Alliance, Eventia, Eventia Analyzer, FireWall-1, FireWall-1 GX, FireWall-1 SecureServer, FloodGate-1, Hacker ID, IMsecure, INSPECT, INSPECT XL, Integrity, InterSpect, IQ Engine, Open Security Extension, OPSEC, Policy Lifecycle Management, Provider-1, Safe@Home, Safe@Office, SecureClient, SecureKnowledge, SecurePlatform, SecuRemote, SecureXL Turbocard, SecureServer, SecureUpdate, SecureXL, SiteManager-1, SmartCenter, SmartCenter Pro, Smarter Security, SmartDashboard, SmartDefense, SmartLSM, SmartMap, SmartUpdate, SmartView, SmartView Monitor, SmartView Reporter, SmartView Status, SmartView Tracker, SofaWare, SSL Network Extender, Stateful Clustering, TrueVector, Turbocard, UAM, User-to-Address Mapping, UserAuthority, VPN-1, VPN-1 Accelerator Card, VPN-1 Edge, VPN-1 Pro, VPN-1 SecureClient, VPN-1 SecuRemote, VPN-1 SecureServer, VPN-1 VSX, VPN-1 XL, Web Intelligence, ZoneAlarm, ZoneAlarm Pro, Zone Labs, and the Zone Labs logo, are trademarks or registered trademarks of Check Point Software Technologies Ltd. or its affiliates. All other product names mentioned herein are trademarks or registered trademarks of their respective owners. The products described in this document are protected by U.S. Patent No. 5,606,668, 5,835,726, 6,496,935 and 6,850,943 and may be protected by other U.S. Patents, foreign patents, or pending applications.
THIRD PARTIES:
Entrust is a registered trademark of Entrust Technologies, Inc. in the United States and other countries. Entrust's logos and Entrust product and service names are also trademarks of Entrust Technologies, Inc. Entrust Technologies Limited is a wholly owned subsidiary of Entrust Technologies, Inc. FireWall-1 and SecuRemote incorporate certificate management technology from Entrust.
Verisign is a trademark of Verisign Inc.
The following statements refer to those portions of the software copyrighted by University of Michigan. Portions of the software copyright 1992-1996 Regents of the University of Michigan. All rights reserved. Redistribution and use in source and binary forms are permitted provided that this notice is preserved and that due credit is given to the University of Michigan at Ann Arbor. The name of the University may not be used to endorse or promote products derived from this software without specific prior written permission. This software is provided as is without express or implied warranty.
Copyright Sax Software (terminal emulation only).
The following statements refer to those portions of the software copyrighted by Carnegie Mellon University.
Copyright 1997 by Carnegie Mellon University. All Rights Reserved.
Permission to use, copy, modify, and distribute this software and its documentation for any purpose and without fee is hereby granted, provided that the above copyright notice appear in all copies and that both that copyright notice and this permission notice appear in supporting documentation, and that the name of CMU not be used in advertising or publicity pertaining to distribution of the software without specific, written prior permission. CMU DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO EVENT SHALL CMU BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
The following statements refer to those portions of the software copyrighted by The Open Group.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
The following statements refer to those portions of the software copyrighted by The OpenSSL Project. This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/).
THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
The following statements refer to those portions of the software copyrighted by Eric Young. THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. Copyright 1998 The Open Group.
The following statements refer to those portions of the software copyrighted by Jean-loup Gailly and Mark Adler. Copyright (C) 1995-2002 Jean-loup Gailly and Mark Adler. This software is provided 'as-is', without any express or implied warranty. In no event will the authors be held liable for any damages arising from the use of this software. Permission is granted to anyone to use this software for any purpose, including commercial applications, and to alter it and redistribute it freely, subject to the following restrictions:
1. The origin of this software must not be misrepresented; you must not claim that you wrote the original software. If you use this software in a product, an acknowledgment in the product documentation would be appreciated but is not required.
2. Altered source versions must be plainly marked as such, and must not be misrepresented as being the original software.
3. This notice may not be removed or altered from any source distribution.
The following statements refer to those portions of the software copyrighted by the Gnu Public License. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
The following statements refer to those portions of the software copyrighted by Thai Open Source Software Center Ltd and Clark Cooper. Copyright (c) 2001, 2002 Expat maintainers. Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
GDChart is free for use in your applications and for chart generation. YOU MAY NOT re-distribute or represent the code as your own. Any re-distributions of the code MUST reference the author, and include any and all original documentation. Copyright. Bruce Verderaime. 1998, 1999, 2000, 2001. Portions copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002 by Cold Spring Harbor Laboratory. Funded under Grant P41-RR02188 by the National Institutes of Health. Portions copyright 1996, 1997, 1998, 1999, 2000, 2001, 2002 by Boutell.Com, Inc. Portions relating to GD2 format copyright 1999, 2000, 2001, 2002 Philip Warner. Portions relating to PNG copyright 1999, 2000, 2001, 2002 Greg Roelofs. Portions relating to gdttf.c copyright 1999, 2000, 2001, 2002 John Ellson ([email protected]). Portions relating to gdft.c copyright 2001, 2002 John Ellson ([email protected]). Portions relating to JPEG and to color quantization copyright 2000, 2001, 2002, Doug Becker and copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, Thomas G. Lane. This software is based in part on the work of the Independent JPEG Group. See the file README-JPEG.TXT for more information. Portions relating to WBMP copyright 2000, 2001, 2002 Maurice Szmurlo and Johan Van den Brande. Permission has been granted to copy, distribute and modify gd in any context without fee, including a commercial application, provided that this notice is present in user-accessible supporting documentation. This does not affect your ownership of the derived work itself, and the intent is to assure proper credit for the authors of gd, not to interfere with your productive use of gd. If you have questions, ask. "Derived works" includes all programs that utilize the library. Credit must be given in user-accessible documentation. This software is provided "AS IS." The copyright holders disclaim all warranties, either express or implied, including but not limited to implied warranties of merchantability and fitness for a particular purpose, with respect to this code and accompanying documentation. Although their code does not appear in gd 2.0.4, the authors wish to thank David Koblas, David Rowley, and Hutchison Avenue Software Corporation for their prior contributions.
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
The curl license
COPYRIGHT AND PERMISSION NOTICE
Copyright (c) 1996 - 2004, Daniel Stenberg, . All rights reserved.
Permission to use, copy, modify, and distribute this software for any purpose
with or without fee is hereby granted, provided that the above copyright
notice and this permission notice appear in all copies.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
Except as contained in this notice, the name of a copyright holder shall not be used in advertising or otherwise to promote the sale, use or other dealings in this Software without prior written authorization of the copyright holder.
The PHP License, version 3.0
Copyright (c) 1999 - 2004 The PHP Group. All rights reserved.
Redistribution and use in source and binary forms, with or without modification, is permitted provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
3. The name "PHP" must not be used to endorse or promote products derived from this software without prior written permission. For written permission, please [email protected].
4. Products derived from this software may not be called "PHP", nor may "PHP" appear in their name, without prior written permission from [email protected]. You may indicate that your software works in conjunction with PHP by saying "Foo for PHP" instead of calling it "PHP Foo" or "phpfoo"
5. The PHP Group may publish revised and/or new versions of the license from time to time. Each version will be given a distinguishing version number. Once covered code has been published under a particular version of the license, you may always continue to use it under the terms of that version. You may also choose to use such covered code under the terms of any subsequent version of the license published by the PHP Group. No one other than the PHP Group has the right to modify the terms applicable to covered code created under this License.
6. Redistributions of any form whatsoever must retain the following acknowledgment:
"This product includes PHP, freely available from ".
THIS SOFTWARE IS PROVIDED BY THE PHP DEVELOPMENT TEAM ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE PHP DEVELOPMENT TEAM OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
This software consists of voluntary contributions made by many individuals on behalf of the PHP Group. The PHP Group can be contacted via Email at [email protected].
For more information on the PHP Group and the PHP project, please see . This product includes the Zend Engine, freely available at .
This product includes software written by Tim Hudson ([email protected]).
Copyright (c) 2003, Itai Tzur
All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
Redistribution of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
Neither the name of Itai Tzur nor the names of other contributors may be used to endorse or promote products derived from this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
Copyright (c) 1998, 1999, 2000 Thai Open Source Software Center Ltd
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
Copyright 2003, 2004 NextHop Technologies, Inc. All rights reserved.
Confidential Copyright Notice
Except as stated herein, none of the material provided as a part of this document may be copied, reproduced, distributed, republished, downloaded, displayed, posted or transmitted in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, recording, or otherwise, without the prior written permission of NextHop Technologies, Inc. Permission is granted to display, copy, distribute and download the materials in this document for personal, non-commercial use only, provided you do not modify the materials and that you retain all copyright and other proprietary notices contained in the materials unless otherwise stated. No material contained in this document may be "mirrored" on any server without written permission of NextHop. Any unauthorized use of any material contained in this document may violate copyright laws, trademark laws, the laws of privacy and publicity, and communications regulations and statutes. Permission terminates automatically if any of these terms or conditions are breached. Upon termination, any downloaded and printed materials must be immediately destroyed.
Trademark Notice
The trademarks, service marks, and logos (the "Trademarks") used and displayed in this document are registered and unregistered Trademarks of NextHop in the US and/or other countries. The names of actual companies and products mentioned herein may be Trademarks of their respective owners. Nothing in this document should be construed as granting, by implication, estoppel, or otherwise, any license or right to use any Trademark displayed in the document. The owners aggressively enforce their intellectual property rights to the fullest extent of the law. The Trademarks may not be used in any way, including in advertising or publicity pertaining to distribution of, or access to, materials in this document, including use, without prior, written permission. Use of Trademarks as a "hot" link to any website is prohibited unless establishment of such a link is approved in advance in writing. Any questions concerning the use of these Trademarks should be referred to NextHop at U.S. +1 734 222 1600.
U.S. Government Restricted Rights
The material in document is provided with "RESTRICTED RIGHTS." Software and accompanying documentation are provided to the U.S. government ("Government") in a transaction subject to the Federal Acquisition Regulations with Restricted Rights. The Government's rights to use, modify, reproduce, release, perform, display or disclose are restricted by paragraph (b)(3) of the Rights in Noncommercial Computer Software and Noncommercial Computer Software Documentation clause at DFAR 252.227-7014 (Jun 1995), and the other restrictions and terms in paragraph (g)(3)(i) of Rights in Data-General clause at FAR 52.227-14, Alternative III (Jun 87) and paragraph (c)(2) of the Commercial Computer Software-Restricted Rights clause at FAR 52.227-19 (Jun 1987).
Use of the material in this document by the Government constitutes acknowledgment of NextHop's proprietary rights in them, or that of the original creator. The Contractor/Licensor is NextHop located at 1911 Landings Drive, Mountain View, California 94043. Use, duplication, or disclosure by the Government is subject to restrictions as set forth in applicable laws and regulations.
Disclaimer Warranty
THE MATERIAL IN THIS DOCUMENT IS PROVIDED "AS IS" WITHOUT WARRANTIES OF ANY KIND EITHER EXPRESS OR IMPLIED. TO THE FULLEST EXTENT POSSIBLE PURSUANT TO THE APPLICABLE LAW, NEXTHOP DISCLAIMS ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON INFRINGEMENT OR OTHER VIOLATION OF RIGHTS. NEITHER NEXTHOP NOR ANY OTHER PROVIDER OR DEVELOPER OF MATERIAL CONTAINED IN THIS DOCUMENT WARRANTS OR MAKES ANY REPRESENTATIONS REGARDING THE USE, VALIDITY, ACCURACY, OR RELIABILITY OF, OR THE RESULTS OF THE USE OF, OR OTHERWISE RESPECTING, THE MATERIAL IN THIS DOCUMENT.
Limitation of Liability
UNDER NO CIRCUMSTANCES SHALL NEXTHOP BE LIABLE FOR ANY DIRECT, INDIRECT, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES, INCLUDING, BUT NOT LIMITED TO, LOSS OF DATA OR PROFIT, ARISING OUT OF THE USE, OR THE INABILITY TO USE, THE MATERIAL IN THIS DOCUMENT, EVEN IF NEXTHOP OR A NEXTHOP AUTHORIZED REPRESENTATIVE HAS ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. IF YOUR USE OF MATERIAL FROM THIS DOCUMENT RESULTS IN THE NEED FOR SERVICING, REPAIR OR CORRECTION OF EQUIPMENT OR DATA, YOU ASSUME ANY COSTS THEREOF. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THE ABOVE LIMITATION OR EXCLUSION MAY NOT FULLY APPLY TO YOU.
Copyright ComponentOne, LLC 1991-2002. All Rights Reserved.
BIND: ISC Bind (Copyright (c) 2004 by Internet Systems Consortium, Inc. ("ISC"))
Copyright 1997-2001, Theo de Raadt: the OpenBSD 2.9 Release
Table of Contents
Chapter 1 Getting Started
  Installing Eventia Reporter
  Overview
  Standalone Installation
  Distributed Installation
  Installing Eventia Reporter with Provider-1/SiteManager-1 MDS
  Starting Eventia Reporter
  Licenses
Chapter 2 Eventia Reporter
  The Need for Reports
  Eventia Reporter Solution
  Some Basic Concepts and Terminology
  Eventia Reporter Overview
  Log Consolidation Process
  Eventia Reporter Standard Reports
  Eventia Reporter Express Reports
  Predefined Reports
  Eventia Reporter Considerations
  Standalone vs. Distributed Deployment
  Log Availability vs. Log Storage and Processing
  Log Consolidation Phase Considerations
  Report Generation Phase Considerations
  Eventia Reporter Database Management
Chapter 3 How To
  Quick Start
  How to Generate a Report
  How to Customize a Report
  How to View and Collect Information about the Status of Report Generation
  How to Start and Stop the Log Consolidator Engine
  How to Configure Consolidation Settings and Sessions
  How to Export and Import Database Tables
  How to Configure Database Maintenance Properties
  Eventia Reporter Instructions
  Required Security Policy Configuration
  Express Reports Configuration
  Using Accounting Information in Reports
  Report Output Location
  Additional Settings for Report Generation
  Generating Reports using the Command Line
  How to Generate Reports based on Log Files that are not part of the Log File Sequence
  How to Schedule Generations of the Same Report using Different Settings (a Different Output or Style)
  How to Recover the Eventia Reporter Database
  How to Interpret Report Results whose Direction is Other
  How to View Report Results without the Eventia Reporter Client
  How to Upload Reports to a Web Server
  How to Upload Reports to an FTP Server
  How to Distribute Reports with a Custom Report Distribution Script
  How to Improve Performance
  Consolidation Policy Configuration
Chapter 4 Troubleshooting
Chapter 5 Out_of_the_box Consolidation Policy
Chapter 6 Predefined Reports
  Security Reports
  Network Activity Reports
  VPN-1 Pro Reports
  System Information Reports
  InterSpect
  Firewall-1 GX Reports
  My Reports
CHAPTER 1
Getting Started
In This Chapter
• Installing Eventia Reporter
• Starting Eventia Reporter
• Licenses

Installing Eventia Reporter
In This Section
• Overview
• Standalone Installation
• Distributed Installation
• Installing Eventia Reporter with Provider-1/SiteManager-1 MDS

Overview
Eventia Reporter can be installed in either a Standalone installation, or a Distributed installation:
• SmartCenter Standalone installation - Eventia Reporter is installed on the SmartCenter Server machine.
• SmartCenter Distributed installation - Eventia Reporter is installed on a machine dedicated to reporting purposes. In addition, the Eventia Reporter Add-On is installed on the SmartCenter Server or a Provider-1/SiteManager-1 machine. The add-on contains data files with report definitions.
A distributed installation requires establishing Secure Internal Communication (SIC) between the two machines. The distributed installation is recommended, since it provides better performance.

Performance Tips
To maximize the performance of your Eventia Reporter Server, follow these guidelines:
Hardware Recommendations for SmartCenter and Provider-1/SiteManager-1
• Use a computer that matches the minimum hardware requirements, as specified in the Release Notes at: http://www.checkpoint.com/techsupport/downloads.jsp
• Configure the network connection between the Eventia Reporter Server machine and the SmartCenter, or the Log server, to the optimal speed.
• Use the fastest disk available with the highest RPM (Revolutions per Minute) and a large buffer size.
• Adjust the database configuration file and consolidation memory buffers to use the additional memory.
• Increase the database and log disk size (for example, several gigabytes) to enable the Eventia Reporter to cache information for better report generation performance. If a report requires additional space for caching, it will be noted in the report's Generation Information section. The Generation Information section can be found in Appendix A > View generation information of the report result.
Installation
• Choose a distributed configuration, dedicating a computer to Consolidation and Report generation operations only.
Supported Platforms
Windows, Solaris and Linux platforms support both standalone and distributed installations.
Nokia platforms support only Eventia Reporter Add-On Installation in a distributed configuration.
Note - If you expect Eventia Reporter to read logs from a distributed log server, the database must be installed on the log server after the Eventia Reporter installation is complete.

Standalone Installation
In This Section
• Windows Platform
• Solaris / Linux Platform
• SecurePlatform

Windows Platform
1 In order to begin the installation, log in as an Administrator and launch the Wrapper by double-clicking on the setup executable.
2 Select the products that you would like to install (see Figure 1-1). The following components represent the minimum standalone component requirements for Eventia Reporter:
• SmartCenter
• SmartConsole
• Eventia Reporter
FIGURE 1-1 Standalone Deployment - for Windows
Depending on the components that you have chosen to install, you may need to take additional steps before reaching step 3.
3 Verify the default directory, or browse to a new location in which Eventia Reporter will be installed.
4 Select Local Eventia Reporter Installation in order to install Eventia Reporter on the local machine.
5 Verify the default directory, or browse to a new location in which the output files created by Eventia Reporter will be generated.
Click Next and reboot the machine in order to complete the installation of the Eventia Reporter and to continue with the next phase of the installation.
6 Launch SmartDashboard.
7 Install the Security Policy (Policy > Install) or install the database (Policy > Install Database) in order to make the Eventia Reporter fully functional.

Solaris / Linux Platform
1 In order to begin the installation, mount the CD on the relevant subdirectory and launch the wrapper as follows:
2 In the mounted directory, run the script: UnixInstallScript.
3 Read the End-User License Agreement (EULA) and, if you accept, click Yes.
4 Select whether you would like to perform an upgrade or create a new installation.
5 Continue from step 2 of the Windows Platform procedure (page 11) in order to complete the process.

SecurePlatform
1 After you install SecurePlatform from the CD, select the Eventia Reporter product from cpconfig or from the SecurePlatform Web GUI.
2 Select whether you would like to perform an upgrade or create a new installation.
3 Continue from step 2 of the Windows Platform procedure (page 11) in order to complete the process.
Distributed Installation
In a distributed installation, Eventia Reporter is installed on a different machine to that of the SmartCenter server.
In This Section
Windows Platform
Solaris / Linux / SecurePlatform
Nokia IPSO
Windows Platform
This installation process consists of three phases:
Install Eventia Reporter
Install SmartCenter and the Eventia Reporter Add-On
Prepare Eventia Reporter in SmartCenter
Phase 1 - Installing the Eventia Reporter
1 Select Eventia Reporter and SmartConsole (optionally) for installation.
FIGURE 1-2 Distributed deployment - for Windows
Depending on the components that you have chosen to install, you may need to take additional steps (such as installing other components and/or license management) before reaching step 2.
2 Verify the default directory, or browse to a new location in which Eventia Reporter will be installed.
3 Select a folder in which the output files created by Eventia Reporter will be generated.
Depending on the components that you have chosen to install, you may need to take additional steps before reaching step 4.
Note - Although SmartConsole does not have to be installed on this machine, if it is, you have direct UI access to the SmartCenter server from this machine, thereby simplifying the final installation steps.
4 Enter the Activation Key in the specified fields. Remember the key; you will need to enter it at a later stage.
Click Finish in order to complete the installation of the Eventia Reporter.
FIGURE 1-3 SIC activation
Phase 2 - Installing SmartCenter and the Eventia Reporter Add-On
SmartCenter installation is described in the Getting Started guide. Only the portion that is related to Eventia Reporter is discussed in this section.
5 Install the SmartCenter server on a separate machine by selecting SmartCenter, and select Eventia Reporter so that the Eventia Reporter Add-on is also installed during the SmartCenter installation.
FIGURE 1-4 Installing SmartCenter and the Eventia Reporter Add-On on a Windows Platform
6 During the SmartCenter installation a window is displayed in which you will be prompted to select the Eventia Reporter Setup Type. Select Eventia Reporter SmartCenter Add-on so that SmartCenter can connect to the distributed Eventia Reporter.
7 Reboot the machine in order to complete the installation.
Phase 3 - Preparing Eventia Reporter in SmartCenter
8 Launch SmartDashboard. (SmartDashboard is installed during the SmartConsole installation.)
9 Create a new host for the Eventia Reporter machine.
Note - If SmartCenter and Eventia Reporter are installed on either side of a firewall, a rule needs to be added in the firewall to enable SIC communication.
FIGURE 1-5 Create New Eventia Reporter Host
10 In the General Properties window, select Eventia Reporter. Then click the Communication button.
FIGURE 1-6 Selecting the Reporter Property
11 Enter the Activation Key that was created in step 4 during the Eventia Reporter installation.
12 After activating the Eventia Reporter host, install the Security Policy (Policy > Install) or install the database (Policy > Install Database) in order to make the Eventia Reporter fully functional.
FIGURE 1-7 Enter the Activation Key
Solaris / Linux / SecurePlatform
This installation process consists of three phases:
Install the Eventia Reporter
Install SmartCenter and the Eventia Reporter Add-On
Preparing Eventia Reporter in SmartCenter
Phase 1 - Installing the Eventia Reporter
1 Select Eventia Reporter and SmartConsole (optionally) for installation.
FIGURE 1-8 Standalone Deployment - for Solaris
Depending on the components that you have chosen to install, you may need to take
additional steps before reaching step 3.
2 Select a folder in which the output files created by Eventia Reporter will be generated.
FIGURE 1-9 Solaris - default directory
Depending on the components that you have chosen to install, you may need to take additional steps before reaching step 3.
3 Enter the Activation Key in the specified fields. Remember the key; you will need to enter it at a later stage.
Enter Finish to complete the installation of the Eventia Reporter.
FIGURE 1-10 Solaris Activation Key
4 In order to complete the installation, continue from Phase 2 - Installing SmartCenter and the Eventia Reporter Add-On on page 15.
Nokia IPSO
Nokia IPSO only supports Eventia Reporter Add-On. For details on installing the Eventia Reporter machine, please refer to Phase 1 - Installing the Eventia Reporter on page 14 for installation instructions.
Installing the SmartCenter Machine and the Eventia Reporter Add-On
SmartCenter installation is described in its own document. Only the portion that is
related to Eventia Reporter is discussed here.
1 After installing Check Point IPSO packages, reboot the machine and run cpconfig.
Note - Although the interface is different, the installation process performed on a Windows
platform is the same as the installation process performed on a Solaris platform.
FIGURE 1-11 Installing Check Point IPSO Packages
2 Log in to IPSO Voyager from a web browser.
FIGURE 1-12 Login to Voyager
3 Select Config to enter the Voyager Configuration screen.
FIGURE 1-13 Click Config to enter the Configuration screen.
4 In the Configuration screen, select Manage Installed Packages.
FIGURE 1-14 Select Manage Installed Packages
5 Make sure that Eventia Reporter NGX R60 (and any other relevant packages) are set to On and click Apply.
FIGURE 1-15 Activate Eventia Reporter and other relevant packages
6 After clicking Apply, click Save.
7 From a command line terminal to the IPSO machine:
Log out and then log in to the system.
Run rmdstart.
8 Reboot the machine.
9 In order to complete the installation, continue from Phase 3 - Preparing Eventia Reporter in SmartCenter on page 16.
Installing Eventia Reporter with Provider-1/SiteManager-1 MDS
To expand the reporting abilities of Provider-1, Eventia Reporter can be produced for customer modules (version NGX R60).
Phase 1: Installing the Eventia Reporter
1 Install Eventia Reporter Server from the Check Point NGX R60 CD on a dedicated machine different from the MDS. (This is a distributed installation.) Refer to Distributed Installation on page 13.
Phase 2 - Installing Eventia Reporter Add-On on Provider-1/SiteManager-1 MDS
2 Install a complementary package (the Eventia Reporter Add-on) on an MDS. To do so, run SVRSetup (the SVR installation script for Provider-1), using the following commands:
cd $MDSDIR/scripts
./SVRSetup install
3 In a multi-MDS environment, the Eventia Reporter Add-on should be installed on the same MDS that issued the certificate for the Eventia Reporter Server. The Eventia Reporter Client should also connect to this MDS.
4 The SVRSetup installation script will ask if you want to stop the MDS. Answer yes.
5 After the installation script is finished, the SVRSetup installation script will ask if you want to start the MDS. Answer yes.
Phase 3 - Preparing Eventia Reporter in Provider-1/SiteManager-1 MDS
6 From the MDG, open the Global Policy SmartDashboard, and create a new Check Point host. Define it as the Eventia Reporter Server object. It will represent the Eventia Reporter Server installed in step 1.
7 Establish SIC between the MDS and Eventia Reporter Server.
8 Click Save.
9 Eventia Reporter Server can connect to the CMA only after the Global Policy is assigned to the customer, and the Global Eventia Reporter object appears in the CMA database.
a) Select Global Policies.
b) Right-click the relevant customer.
c) Select Assign/Install Global Policy....
d) Select the relevant policy.
e) Click OK.
10 Install the database on each log server to allow Eventia Reporter to read its logs:
a) Select General.
b) Right-click the relevant log servers and launch SmartDashboard.
c) In SmartDashboard select Policy > Install Database...
11 Define the machine that runs Eventia Reporter client as a Provider-1 GUI client.
12 Launch the Eventia Reporter Client via the MDG.
a) In Provider-1 select General > Manage > Launch Eventia Reporter....
13 Define Log Consolidation sessions.
Note - If the Customer is set to the Assign only Global Objects that are used in the assigned Global Policy (the selective assignment mode of Global objects), then the Eventia Reporter Server object should be referred to in the Global Policy assigned.
Starting Eventia Reporter
To start Eventia Reporter, proceed as follows:
1 Launch the Eventia Reporter Client (FIGURE 1-16).
FIGURE 1-16 Eventia Reporter Client Report View
2 Display the Management Selection Bar view and verify that logs are indeed being consolidated and saved to the Eventia Reporter Database if consolidation is being performed.
FIGURE 1-17 Eventia Reporter Client Management View - Consolidation
The status "processing logs" indicates that the log consolidator is working properly. If you do not see anything in this screen, proceed to defining a consolidation session, as explained in How to Configure Consolidation Settings and Sessions on page 59.
FIGURE 1-18 Eventia Reporter Client Management View - Database Maintenance
3 Go back to the Reports view (FIGURE 1-16 on page 27) and ensure that you select the database tables for which to generate the report, as well as a report time frame. Then generate the Network Activity report by selecting it in the Report Tree and clicking in the toolbar.
4 To follow the progress of the report generation, display the Results view.
After a brief delay, the Network Activity report result is displayed through your browser (FIGURE 1-19 on page 30). You may get an empty report if the consolidator did not commit any data into the database yet. It may take up to an hour before you can first see results in the reports you produce.
FIGURE 1-19 Example Standard Network Activity Report Result
5 Click a section title to view the results in question. The section's results are displayed in either a graph unit, a table unit or both types of units.
FIGURE 1-20 on page 31 shows example results of section 2, Network Activity by Date, in both a graph unit and a table unit.
FIGURE 1-20 Example Standard Network Activity by Date Section Graph and Table Formats
Licenses
Licenses are installed on the SmartCenter/MDS Server on a per gateway basis and a per CMA basis.
When the license is installed on a per gateway basis the user must select the gateways for which reports are generated. With Provider-1, select the customers instead of the gateways.
If you have three gateways and you buy three licenses you do not have to select the gateways because the system knows that you only have three.
But, if you have 4 gateways and three licenses you have to choose the gateways to which each license belongs.
Up to 5 VPN-1 Edge devices are considered a single gateway. Beyond 5 each VPN-1 Edge gateway is counted as an individual gateway.
CHAPTER 2
Eventia Reporter
In This Chapter
The Need for Reports
Eventia Reporter Solution
Eventia Reporter Considerations
Eventia Reporter Database Management
The Need for Reports
To manage your network effectively and to make informed decisions, you need to gather information on the network's traffic patterns. There is a wide range of issues you may need to address, depending on your organization's specific needs:
As a Check Point customer, you may wish to check if your expectations of the products are indeed met.
From a security point of view, you may be looking for suspicious activities, illegal services, blocked connections or events that generated alerts.
As a system administrator, you may wish to sort the Security Policy based on how often each Rule is matched, and delete obsolete Rules that are never matched.
You may be looking for general network activity information, for purposes such as capacity planning.
From the corporate identity and values perspective, you may want to ensure your employees' surfing (such as the web sites they access) complies with your company's policy.
From a sales and marketing point of view, you may wish to identify the most and the least visited pages on your website or your most and least active customers.
To address these issues, you need an efficient tool for gathering the relevant information and displaying it in a clear, accurate format.
Eventia Reporter Solution
In This Section
Some Basic Concepts and Terminology
Eventia Reporter Overview
Log Consolidation Process
Eventia Reporter Standard Reports
Predefined Reports
Some Basic Concepts and Terminology
Automatic Maintenance - the process of automatically deleting and/or archiving older database records into a backup file.
Consolidation - the process of reading logs, combining instances with the same key information to compress data and writing it to the database.
Consolidation Policy - the rules to determine which logs the consolidator will accept and how to consolidate them. We recommend that you use the out-of-the-box policy without change.
Consolidation Session - an instance of the consolidation process. There can be one active session for every log server.
Express Reports - reports based on the SmartView Monitor counters and the Activity Log. These reports are not as flexible as standard reports but are generated quickly.
Log Sequence - the series of log files as specified by fw.logtrack. When a log switch is performed, the log file is recorded in the sequence of files. The log consolidator can follow this sequence.
Report - a high-level view of combined log information that provides meaning to users. Reports are comprised of sections.
Standard Reports - reports based on consolidated logs.
$RTDIR - the installation directory of the Eventia Reporter.
Eventia Reporter Overview
Check Point Eventia Reporter delivers a user-friendly solution for monitoring and auditing traffic. You can generate detailed or summarized reports in the format of your choice (list, vertical bar, pie chart etc.) for all events logged by Check Point VPN-1 Pro, SecureClient and SmartDefense.
Eventia Reporter implements a Consolidation Policy, which goes over your original, raw log file, compresses similar events and writes the compressed list of events into a relational database (the Eventia Reporter Database). This smart database enables quick and efficient generation of a wide range of reports. The Eventia Reporter solution provides a balance between keeping the smallest report database possible and retaining the most vital information with the most flexibility.
A Consolidation Policy is similar to a Security Policy in terms of its structure and management. For example, both Rule Bases are defined through the SmartDashboard's Rules menu and use the same network objects. In addition, just as Security Rules determine whether to allow or deny the connections that match them, Consolidation Rules determine whether to store or ignore the logs that match them. The key difference is that a Consolidation Policy is based on logs, as opposed to connections, and has no bearing on security issues.
FIGURE 2-1 illustrates the Consolidation process, defined by the Consolidation Policy. After the VPN-1 Pro Modules send their logs to the SmartCenter Server, the Log Consolidator Engine collects them, scans them, filters out fields defined as irrelevant, merges records defined as similar and saves them to the Eventia Reporter Database.
FIGURE 2-1 Log Consolidation Process
The Eventia Reporter Server can then extract the consolidated records matching a specific report definition from the Eventia Reporter Database and present them in a report layout (FIGURE 2-2):
FIGURE 2-2 Report Generation Process
Two types of reports can be created: Standard Reports and Express Reports. The Standard Reports are generated from information in log files through the Consolidation process to yield relevant analysis of activity. Express Reports are generated from SmartView Monitor History files and are produced much more quickly.
Eventia Reporter Standard Reports are supported by two Clients:
SmartDashboard Log Consolidator - manages the Log Consolidation rules.
Eventia Reporter Client - generates and manages reports.
FIGURE 2-3 illustrates the Eventia Reporter architecture for Standard Reports:
FIGURE 2-3 Eventia Reporter Standard Report Architecture
The interaction between the Eventia Reporter Client and Server components applies both to a distributed installation (as shown in FIGURE 2-3), where the SmartCenter Server and Eventia Reporter's Server components are installed on two different machines, and to a standalone installation, in which these products are installed on the same machine.
Log Consolidation Process
It is recommended to use the SmartView Log Consolidator's predefined Consolidation Policy (the out_of_the_box Policy), designed to filter out irrelevant logs and store the most commonly requested ones (such as blocked connection, alert or web activity logs).
The Log Consolidator Engine scans the Consolidation Rules sequentially and processes each log according to the first Rule it matches.
FIGURE 2-4 illustrates how the Consolidation Policy processes logs: when a log matches a Consolidation Rule, it is either ignored or stored. If it is ignored, no record of this log is saved in the Eventia Reporter system, so its data is not available for report generation. If it is stored, it is either saved as is (so all log fields can later be represented in reports), or consolidated to the level specified by the Rule.
FIGURE 2-4 Log Process Chart
The Consolidation is performed on two levels: the interval at which the log was created and the log fields whose original values should be retained. When several logs matching a specific Rule are recorded within a predefined interval, the values of their relevant fields are saved as is, while the values of their irrelevant fields are merged (for example, consolidated) together.
TABLE 2-1 provides a Consolidation example, where three logs of approved NTP connections match the same Consolidation Rule (NTP is a time protocol that provides access over the Internet to systems with precise clocks).
The Rule's store options specify that logs generated within a one hour interval should be consolidated into a single record, as long as they share the same values for four fields of interest: destination, interface, Rule name and QoS class. The values of all other fields are either integrated into their shared value (for example, the shared Rule Number value, 1), or replaced with the term "consolidated" (for example, the different Source values). The consolidated record includes a connection number column, noting how many logs it represents (in this case, 3).
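The first-match Rule scan and the one hour consolidation described above, replayed in Python over the three logs of TABLE 2-1. This is an added example, not Check Point code: the rule dictionaries, the "service" and "action" fields and the three extra logs are assumptions made for the illustration.

```python
# Added illustration of the Consolidation Policy logic; not Check Point code.
# Rule format, the "service"/"action" fields and logs 4-6 are assumptions.

def make_log(time, source, rule_name="NYC", rule_no=1, qos_class="Gold",
             service="ntp", action="accept"):
    """Build one constructed log record with the columns of TABLE 2-1."""
    return {"time": time, "source": source, "dest": "172.0.0.1",
            "iface": "hme0", "rule_name": rule_name, "rule_no": rule_no,
            "qos_class": qos_class, "service": service, "action": action}

SAMPLE_LOGS = [
    make_log("10:00", "10.1.3.29"),     # Log 1 of TABLE 2-1
    make_log("10:25", "10.15.2.52"),    # Log 2 of TABLE 2-1
    make_log("10:59", "10.56.60.4"),    # Log 3 of TABLE 2-1
    make_log("11:05", "10.1.3.29"),     # constructed: falls in the next hour
    make_log("10:30", "10.9.9.9", rule_name="Cleanup", rule_no=7,
             qos_class="Bronze", action="drop"),      # constructed: blocked NTP
    make_log("10:40", "10.1.3.29", service="http"),   # constructed: ignored
]

# Hypothetical Consolidation Rules, scanned from top to bottom.
RULES = [
    {"name": "blocked", "match": {"action": "drop"}, "store": "as_is"},
    {"name": "ntp", "match": {"service": "ntp"}, "store": "consolidate",
     "interval_minutes": 60,
     "key_fields": ("dest", "iface", "rule_name", "qos_class")},
    {"name": "everything-else", "match": {}, "store": "ignore"},
]

def first_matching_rule(log, rules):
    """Return the first rule whose match fields all equal the log's values."""
    for rule in rules:
        if all(log.get(field) == value for field, value in rule["match"].items()):
            return rule
    return None

def interval_start(hhmm, interval_minutes):
    """Floor an HH:MM time to the start of its consolidation interval."""
    hours, minutes = (int(part) for part in hhmm.split(":"))
    total = hours * 60 + minutes
    start = total - total % interval_minutes
    return f"{start // 60:02d}:{start % 60:02d}"

def consolidate(logs, rules):
    """Return (records stored as is, consolidated records)."""
    as_is, merged = [], {}
    for log in logs:
        rule = first_matching_rule(log, rules)
        # Assumption: a log that matches no rule is treated like an ignored one.
        if rule is None or rule["store"] == "ignore":
            continue
        if rule["store"] == "as_is":
            as_is.append(dict(log, conn_no=1))
            continue
        bucket = interval_start(log["time"], rule["interval_minutes"])
        key = (rule["name"], bucket) + tuple(log[f] for f in rule["key_fields"])
        record = merged.get(key)
        if record is None:
            # First log of this interval/key: start a new consolidated record.
            merged[key] = dict(log, time=bucket, conn_no=1)
            continue
        record["conn_no"] += 1
        for field, value in log.items():
            if field == "time" or field in rule["key_fields"]:
                continue
            if record[field] != value:
                # Differing values of a non-key field cannot be retained.
                record[field] = "Consolidated"
    return as_is, list(merged.values())

if __name__ == "__main__":
    stored, consolidated = consolidate(SAMPLE_LOGS, RULES)
    for rec in stored + consolidated:
        print(rec)
```

The consolidated 10:00 record no longer carries the individual Source addresses, so per-source reporting on such traffic depends on the Rule retaining Source among its fields of interest.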
How to interpret Computer names in DHCP enabled networks
In DHCP, address mapping is used. Assuming the DNS knows how to resolve dynamic addresses, the information you see in the report reflects the correct resolving results for the time the reported log events have been processed by the SmartDashboard Log Consolidator and inserted into the database.
Because of the dynamic nature of DHCP address distribution, there is no guarantee that consolidation of old log files will produce correct address name resolving.
When DHCP is in use, consolidating log files close to the time of their creation will improve address-resolving accuracy.
Eventia Reporter Standard Reports
The Log Consolidation process results in a database of the most useful, relevant records, known as the Eventia Reporter Database. The information is consolidated to an optimal level, balancing the need for data availability with the need for fast and efficient report generation.
Reports are generated based on a single database table, specified in the Reports view > Standard Reports > Input tab. By default, all consolidated records are saved to the CONNECTIONS table and all reports use it as their data source. However, each time you create a new consolidation session, you have the option of storing records in a different table.
TABLE 2-1 Consolidation Example
Record        Time   Source        Dest.      I-face  Rule Name  Rule No.  Class  Conn No.
Log 1         10:00  10.1.3.29     172.0.0.1  hme0    NYC        1         Gold
Log 2         10:25  10.15.2.52    172.0.0.1  hme0    NYC        1         Gold
Log 3         10:59  10.56.60.4    172.0.0.1  hme0    NYC        1         Gold
Cons. Record  10:00  Consolidated  172.0.0.1  hme0    NYC        1         Gold   3
Dividing the consolidated records between different tables allows you to set the Eventia Reporter Client to use the table most relevant to your query, thereby improving the Eventia Reporter Server's performance. In addition, dividing records between tables facilitates managing the Eventia Reporter Database: you can delete outdated tables, export tables you are not currently using to a location outside of the Eventia Reporter Database and import them back when you need them.
Eventia Reporter Express Reports
Express Reports are based on data collected by Check Point system counters and SmartView Monitor History files. Standard Reports, in contrast, are based on Log Consolidator logs. Because Express Reports present historical data, they cannot be filtered, but they can be generated at a faster rate.
Eventia Reporter Express Reports are supported by one Client, the Eventia Reporter.
To configure your system to generate Express Reports, see Express Reports Configuration on page 66.
FIGURE 2-4 illustrates the Eventia Reporter architecture for Express Network Reports:
FIGURE 2-5 Eventia Reporter Express Report Architecture
Predefined Reports
The Eventia Reporter Client offers a wide selection of predefined reports for both
Standard and Express reporting, designed to cover the most common network queries
from a variety of perspectives.
Report Subjects
The reports are grouped by the following subjects, allowing you to easily locate the one you need:
Security (Standard, Express) - this subject includes reports that allow you to focus on all security-related traffic in your network. For example, you can inspect connections whose origin or destination is the VPN-1 Pro gateway, monitor security attacks detected by SmartDefense, or analyze blocked connections and VPN-1 Pro gateway alerts.
In addition, you can detect Policy Installations and analyze the Rule Base order on a specific gateway. Identifying the top matched rules versus the least matched rules allows you to sort the Security Policy in the most efficient way.
Network Activity (Standard, Express) - this subject includes reports that enable you to analyze the most popular activities in your network. You can examine your network activity as a whole or focus on a specific direction (incoming, outgoing or internal) or activity type (web, ftp or Email). For example, to study network traffic inside your organization, you can investigate how your web servers, mail servers and VPN-1 Pro gateways handle the network load; see which services use most of the available bandwidth; and find out what are the most popular web sites. You can detect illegal network traffic, such as connections to banned web sites or use of prohibited services. To examine the network usage by external sources, you can explore which sources access the corporate web site, how often and for how long.
A report dedicated to VPN-1 Pro gateway activity allows you to identify its top services, sources and destinations. The records are organized both by their direction and by the action taken by the VPN-1 Pro gateway. In addition, you can follow the VPN-1 Pro gateway activity's distribution over various time frames (your working hours, week days and the selected date range).
VPN-1 (Standard, Express) - this subject includes reports that allow you to analyze various aspects of your encrypted traffic, such as its distribution over time, the top services or sources, etc. You can examine your VPN-1 Pro activity as a whole, or focus on a specific VPN Tunnel or VPN Community.
System Information (Express) - this subject includes reports that allow you to analyze various aspects of system load and operational activity, including CPU usage, kernel usage, and memory usage.
Firewall-1 GX contains predefined reports that allow you to analyze various aspects of the Firewall-1 GX product.
My Reports (Standard, Express) - select predefined reports and customize to your needs.
For descriptions of each predefined report available, see Predefined Reports on page 87.
Report Structure
Each report consists of a collection of sub-topics known as sections, which cover various aspects of the report. For example, the User Activity report consists of sections such as User Activity by Date, Top Users, Top Services for User Related Traffic, etc.
Customizing Predefined Reports
In case you have a specific query that is not directly addressed by the predefined reports, you can easily customize the report that is closest to your needs (by changing its date range, filters etc.) to provide the desired information. Changing the filters of a predefined report constitutes a change in the nature of the report and the report must therefore be saved in a different location or under a different name. You can save the customized report under a different name in the report subject dedicated to user-defined reports, My Reports.
Eventia Reporter Considerations
In This Section
Standalone vs. Distributed Deployment
Log Availability vs. Log Storage and Processing
Log Consolidation Phase Considerations
Report Generation Phase Considerations
Eventia Reporter's default options have been designed to address the most common reporting needs. However, to maximize the product's benefits, it is recommended that you adapt it to your specific profile. This section describes the considerations you should take into account before starting to use Eventia Reporter.
Standalone vs. Distributed Deployment
In a standalone deployment, all Eventia Reporter server components (the Log Consolidator Engine, the Eventia Reporter Database and the Eventia Reporter server) are installed on the Check Point SmartCenter Server machine. In a distributed deployment, the Eventia Reporter server components and the SmartCenter Server are installed on two different machines. They communicate through standard Check Point protocols such as LEA and CPMI machines, and through a special Log Consolidator Add-On installed on the SmartCenter Server.
The standalone deployment saves relegating a dedicated machine for the Eventia Reporter, but the distributed deployment significantly improves your system's performance.
Log Availability vs. Log Storage and Processing
Since all Eventia Reporter operations are performed on the logs you have saved, the extent to which you can benefit from this product depends on the quality of the available logs. Therefore, you must ensure your Security Policy is indeed tracking (logging) all events you may later wish to see in your reports.
In addition, you should consider how accurately your logs represent your network activity. If only some of your Rules are tracking events that match them, the events' proportion in your reports will be distorted. For example, if only the blocked connections Rule is generating logs, the reports will give you the false impression that 100% of the activity in your network consisted of blocked connections.
On the other hand, tracking multiple connections results in an inflated log file, which not only requires more storage space and additional management operations, but significantly slows down the Consolidation process.
Log Consolidation Phase Considerations
Record Availability vs. Database Size
Reports are a direct reflection of the records stored in the Eventia Reporter Database. To generate detailed, wide-ranging and accurate reports, the corresponding data must be available in the database.
However, effective database management requires keeping the database table size from growing too large. As the consolidated records accumulate in the database, the tables where they are saved may become quite large. The data gradually approaches the disk space limit, using more and more memory and slowing down the Eventia Reporter processes (especially the data retrieval for report generation). Refer to Automatically Maintaining the Size of the Database on page 51 for additional information on how Eventia Reporter tackles database management.
Carefully consider which logs you wish to store, and to what extent you wish to consolidate them.
Saving Consolidated Records to One vs. Multiple Database Tables
A report is generated based on a single table. If you save all consolidated records to the same table, all the data is readily accessible and you are saved the trouble of moving records between tables and selecting the appropriate source table for each report you wish to generate.
Dividing the records between different tables reduces the report generation time and allows you to maintain a useful database size by exporting tables you are not currently using to an external location.
Note - You cannot lower the maximum size of the database.
High Availability
Eventia Reporter supports SmartCenter High Availability.
In High Availability the Active SmartCenter Server (Active SCS) always has one or more backup Standby SmartCenter Servers (Standby SCS) that are ready to take over from the Active SmartCenter Server. These SmartCenter Servers must all be of the same Operating System (for instance, all Windows NT), but do not have to be of the same version. The existence of the Standby SCS allows for crucial backups to be in place:
for the SmartCenter Server - the various databases in the corporate organization, such as the database of objects and users, policy information and ICA files are stored on both the Standby SCSs as well as the Active SCS. These SmartCenter Servers are synchronized so data is maintained and ready to be used. If the Active SCS is down, a Standby SCS needs to become Active in order to be able to edit and install the Security Policy.
for the module - certain operations that are performed by the modules via the Active SCS, such as fetching a Security Policy, or retrieving a CRL from the SmartCenter Server, can be performed on Standby SCS.
In a High Availability deployment the first installed SmartCenter Server is specified as the Primary SmartCenter Server. This is a regular SmartCenter Server used by the system administrator to manage the Security Policy. When any subsequent SmartCenter Server is installed, it must be specified as a Secondary SmartCenter Server. Once the Secondary SmartCenter Server has been installed and manually synchronized, the distinction between Primary and Secondary is no longer significant. These servers are now referred to according to their role in the Management High Availability scenario as Active or Standby, where any SmartCenter Server can function as the Active SCS.
When changes are made to report definitions (including report schedules), consolidation sessions and their settings, automatic maintenance configuration and report configuration, the information is stored in the active SmartCenter Server and will be synchronized to the secondary SmartCenter Server when a user synchronizes the SmartCenter Servers.
The report generation results are not synchronized between SmartCenter Servers. For instance, when Eventia Reporter generates a report connected to SmartCenter Server A, a record of its generation will be stored in SmartCenter Server A. When Eventia Reporter generates a report connected to SmartCenter Server B, a record of its generation will be stored in SmartCenter Server B. The Activity Log in SmartCenter A will not be visible in SmartCenter B and vice versa. However, even though the Activity Log in the inactive SmartCenter Server A is not visible, it is still possible to connect to the inactive SmartCenter Server A in read-only mode to access the report generations that are not visible in SmartCenter Server B.
Report Generation Phase Considerations
Adapting the Report's Detail Level to your Needs
When a report is very detailed, it may become difficult to sort out the most significant results and understand it. To get the right level of detail in your reports, closely examine the report's date range, filters (source, destination, service etc.) and filter values, and adjust them to pinpoint details.
Generating only selected sections
By default, all report sections are included in the report generation. However, to get results faster and improve your machine's performance, you can generate only selected sections (by unchecking all others in the Content tab).
Scheduling Reports
The Schedule feature allows you to set both delayed and periodic report generations.
If you wish to produce a detailed and lengthy report, you should consider postponing its generation and scheduling it so that it does not run at time of peak log creation activity since such a report generation might slow down your system.
In addition, it is useful to identify the reports you require on a regular basis (for example, a daily alerts report or a monthly user activity report) and schedule their periodic generations.
Report Filters
Reports are based on records of the most commonly required filters (for example, Source, Destination etc.). Specifying the appropriate filter settings is the key to extracting the information you are looking for.
For each filter you choose, specify the values (for example, network objects, services etc.) to be matched out of all values available for that filter. The available values are taken from the SmartCenter Server and are refreshed on a regular basis. If you cannot see a value you have added through SmartDashboard in the available values list, refresh the list by selecting a different filter and then return to the previous one.
The Eventia Reporter Client also allows you to include additional objects, by manually adding them to the matched values list.
Filters and their values can be specified on the report level and on its section level (Content tab). The report level settings are enforced on the section level as well (for example, if you choose to include specific sources in the report, these sources will also be included in its section). If you set a specific section level filter and then choose a different report level filter, the latter overrides the former.
Report output (display, Email, file, printer etc.).
All report results are displayed on your screen and saved to the Eventia Reporter Server. By default, the report is saved in HTML output in an index.htm file; and in CSV (Comma Separated Values) format in a tables.csv file. The HTML file includes descriptions and graphs, but the CSV file contains only the report table units, without a table of contents, descriptions or graphs. The tables.csv is provided in order to enable convenient table import to applications like Excel.
Before generating a report, determine whether you want it to be saved or sent to additional or different targets. For example, when you generate a user activity-related report, you may wish to make it available to all managers in your organization by sending them the output via Email or by placing it on your intranet.
TABLE 2-2 Report Files and Formats
File Format   HTML                                               CSV
File Name     index.htm                                          tables.csv
Includes      Table of contents, tables, descriptions, graphs.   Data only. Cell values separated by commas. Rows and tables separated by lines.
Eventia Reporter Database Management
All database management operations are performed through the Eventia Reporter Database Maintenance view.
Tuning the Eventia Reporter Database
To improve performance, adjust the database cache size to match the computer's available memory. Use the relevant my.ini file for the required configuration. This configuration file can be found in the Database/conf folder. In addition, place the database data and log files on different hard drives (physical disks), if available.
Modifying Eventia Reporter Database Configuration
It is possible to change the Eventia Reporter Database settings by modifying the my.ini file, located in the $RTDIR/Database/conf directory. This can be done by running the UpdateMySQLConfig application. Note that before running this application you must stop all Eventia Reporter services by running rmdstop.
Running the UpdateMySQLConfig application creates a backup of the database configuration file.
There are a number of factors that can improve performance of the Eventia Reporter's database. Most of these factors can be tuned by using the UpdateMySQLConfig utility.
RAM - The database needs substantial amounts of RAM to buffer data up to 1200 MB. This can be set using UpdateMySQLConfig -R.
Temporary directories - The database uses temporary disk space to perform intermediate operations (such as sorting and grouping) and may require a few GB to generate large reports. Generating a substantial report may fail to execute the required SQL query if there is not enough disk space for the temporary directory. The temporary directory can be defined using UpdateMySQLConfig -T.
Log files - The database log files ensure that changes persist in the event of a system crash. Place these files on a device that is separate from the database's data files using the UpdateMySQLConfig -L option.
Database data files - these files should be put on a large, fast disk. The database's data files can be placed on several disks. Use UpdateMySQLConfig -A to add a new file to the set of database files and use UpdateMySQLConfig -M to move an existing file to a new location. Do not place database files on a network drive since performance may suffer and in some instances the database will not work.
  The default database file is ibdata1. If this file needs to be moved to a new absolute directory (for example, d:/Database/data), verify that the directory exists and run:
  UpdateMySQLConfig -M -src=ibdata1 -dst="d:/Database/data/ibdata1"
  If you want to move the file from one absolute directory to another (for example, d:/Database/data to d:/Database/data2), verify that the directory exists and run the following:
  UpdateMySQLConfig -M -src="d:/Database/data/ibdata1" -dst="d:/Database/data2/ibdata1"
Default data directory - this is the directory that contains the MySQL table definitions and the location of temporary tables that the generator uses to optimize report generation performance. This directory can only be changed by editing the file /Database/conf/my.ini (my.cnf on UNIX). Change the datadir entry to refer to the new location and copy the files to the new location.
Note - on a Windows platform the database configuration file can be found in $RTDIR\Database\conf\my.ini, while on a UNIX platform it can be found in $RTDIR\Database\conf\my.cnf
The following table contains the usage of the UpdateMySQLConfig application.
Syntax
UpdateMySQLConfig
[-A -f=string -s=number -auto[=true|=false] [ -m=number ] ]
[-R=number ]
[-M -src=string -dst=string ]
[-T=string ]
[-L=string ]
[-h ]
Parameters
TABLE 2-3 UpdateMySQLConfig Options
option   sub-option                                          meaning
-A       -f - the name of the file to add.                   Add a new data file to the database.
         -s - the initial size of the file when it is
              created (format [0-9]+{K|M|G}).
         -auto - specifies whether the database should
              grow the file on demand.
         -m - the maximum size the file can grow (format
              [0-9]+{K|M|G}). If this option is not
              specified, the database will grow the file
              to the available size on the disk.
-R                                                           Sets the level of database RAM usage.
-M       -src - original file path                           Moves a database file to a new location.
         -dst - destination file path
-T                                                           Changes the path to MySQL temporary directory.
-L                                                           Changes the path to MySQL log directory and copies log files to the new location.
-h                                                           Displays this help message.
Automatically Maintaining the Size of the Database
The Log Consolidator process continuously adds new records into the database as they are generated from the VPN-1 Pro gateway. Eventually, the space allocated for the database will fill up. Typically, users can manually archive or delete older, less pertinent records from the database to provide space for the newest records. Automatic Maintenance performs this process automatically. With Automatic Maintenance, the user selects a maintenance operation (whether it is deleting records or archiving them to an external file) and specifies high and low watermarks to trigger when Automatic Maintenance should occur.
The High Watermark value represents the percentage of space that the database can occupy and/or the age of database records (that is, how many days old the records are). When the database occupies too much space or the records are older than the specified age, then the conditions are right to trigger an Automatic Maintenance operation. The High Watermark values are checked once a day and if the percentage of space or the age of the database records is higher than the assigned values, the Automatic Maintenance operation is triggered.
The Automatic Maintenance operation will delete records from the database until it reaches the Low Watermark. For example, if you specify that the High Watermark is 80% and the Low Watermark is 70% then the operation will begin to delete the oldest records when the occupied space is over 80%.
Typically, 80% is the High Watermark, since Eventia Reporter requires the extra space to perform generation optimizations.
In addition, it is possible to specify which database tables will participate in Automatic Maintenance. Since some of the tables are created for special purposes (for example, a table created from an external log file), Automatic Maintenance should not be performed on them.
When deletion of records occurs during automatic maintenance, you may see that the database size grows at first. This is normal behavior since the database needs to keep duplicate information in case of a server crash. The database will recover the disk space for about an hour after the maintenance operation is complete.
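The space watermarks described above can be replayed as a small model to see how far back reports can still reach; this is an added example, not code from the Check Point guide. The one-batch-per-day granularity, the function names and both workloads are assumptions, and the age watermark and archiving are not modeled.

```python
from collections import deque

def simulate(capacity_mb, ingest_mb, high_pct=80.0, low_pct=70.0):
    """Replay one High Watermark check per day of consolidated records.

    ingest_mb[i] is the volume added on day i+1. Returns one tuple per day:
    (day, percent used at the check, days deleted, days still stored).
    """
    if not 0 < low_pct < high_pct <= 100:
        raise ValueError("need 0 < Low Watermark < High Watermark <= 100")
    table = deque()   # (day, size_mb) batches, oldest on the left
    used = 0
    history = []
    for day, size in enumerate(ingest_mb, start=1):
        table.append((day, size))
        used += size
        at_check = 100.0 * used / capacity_mb
        deleted = []
        # The High Watermark is only evaluated once a day, so usage can be
        # well above it by the time the check runs.
        if at_check > high_pct:
            # Oldest records go first, until usage is back at the Low Watermark.
            while table and 100.0 * used / capacity_mb > low_pct:
                old_day, old_size = table.popleft()
                used -= old_size
                deleted.append(old_day)
        history.append((day, at_check, deleted, len(table)))
    return history

def peak_percent(history):
    """Highest usage seen at any daily check."""
    return max(pct for _, pct, _, _ in history)

def retained_days(history):
    """How many days of records a report can still draw on at the end."""
    return history[-1][3]

# Constructed workloads for a 1000 MB allocation (not measured values).
STEADY = [50] * 20            # 50 MB of consolidated records every day
BURST = [50] * 19 + [200]     # same, but day 20 logs four times as much

if __name__ == "__main__":
    for name, ingest in (("steady", STEADY), ("burst", BURST)):
        h = simulate(1000, ingest)
        print(name, "peak %.0f%%" % peak_percent(h),
              "retained days:", retained_days(h), "last deletion:", h[-1][2])
```

In this model a single heavy logging day fills the allocation before the daily check runs and costs three extra days of history, which is the headroom to plan for when choosing the watermarks and the maintenance operation.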
Backing Up the Eventia Reporter Database
The Eventia Reporter Database system consists of a set of files that can be copied, compressed or backed up like any other file. Backup files require the same disk space as the original files. It is highly recommended to save backup copies of the Eventia Reporter Database files, which can later be used to recover from an unexpected database corruption. Proceed as follows:
1 Stop the Eventia Reporter services:
  Run rmdstop.
2 From the Eventia Reporter Database directories, copy the entire data directory tree (as specified by the datadir parameter in the my.ini file) to the backup location (you may compress them to save disk space). Copy any database and log files that may have been moved to a different location using the UpdateMySQLConfig utility.
3 Restart the Eventia Reporter services, starting with the Check Point Reporting Database Server service.
  Windows - start the Check Point Reporting Database Server service.
  Solaris - use rmdstart.
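The copy in step 2, written as a script that also records SHA-256 digests so a backup can be checked before it is used for recovery; this is an added example, not part of the Check Point guide. The [mysqld] section name, the function names and the sample file names are assumptions, and the services must already be stopped with rmdstop when it runs.

```python
import configparser
import hashlib
import shutil
import tempfile
from pathlib import Path

def read_datadir(ini_path):
    """datadir from my.ini / my.cnf; the [mysqld] section name is assumed."""
    cp = configparser.ConfigParser(allow_no_value=True, strict=False,
                                   interpolation=None)
    cp.read(ini_path)
    return Path(cp.get("mysqld", "datadir").strip().strip('"'))

def sha256(path):
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()

def backup(datadir, moved_files, dest):
    """Copy the datadir tree and any relocated data/log files into dest.

    Returns a manifest {path relative to dest: SHA-256 of the source file}.
    A source file that changes between the copy and the hash (services
    still running) shows up as a mismatch in verify().
    """
    datadir, dest = Path(datadir), Path(dest)
    pairs = [(p, Path("datadir") / p.relative_to(datadir))
             for p in sorted(datadir.rglob("*")) if p.is_file()]
    pairs += [(Path(p), Path("moved") / str(i) / Path(p).name)
              for i, p in enumerate(moved_files)]
    manifest = {}
    for src, rel in pairs:
        target = dest / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src, target)
        manifest[rel.as_posix()] = sha256(src)
    return manifest

def verify(dest, manifest):
    """Return manifest entries whose backup copy is missing or altered."""
    return sorted(rel for rel, digest in manifest.items()
                  if not (Path(dest) / rel).is_file()
                  or sha256(Path(dest) / rel) != digest)

def demo():
    """Constructed layout: a small datadir, with ibdata1 moved to another disk."""
    root = Path(tempfile.mkdtemp())
    data, other = root / "Database" / "data", root / "disk2"
    (data / "rt_database").mkdir(parents=True)
    other.mkdir()
    (data / "rt_database" / "connections.frm").write_bytes(b"table definition")
    (data / "ib_logfile0").write_bytes(b"log")
    (other / "ibdata1").write_bytes(b"tablespace")
    ini = root / "my.ini"
    ini.write_text(f'[mysqld]\nskip-external-locking\ndatadir="{data.as_posix()}"\n')
    manifest = backup(read_datadir(ini), [other / "ibdata1"], root / "backup")
    clean = verify(root / "backup", manifest)
    (root / "backup" / "moved" / "0" / "ibdata1").write_bytes(b"corrupted")
    damaged = verify(root / "backup", manifest)
    shutil.rmtree(root)
    return sorted(manifest), clean, damaged
```

Store the manifest apart from the backup itself, so that a change to the backup copy cannot be hidden by editing the digests alongside it.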
CHAPTER 3
How To
In This Chapter
Quick Start
Eventia Reporter Instructions
Consolidation Policy Configuration
Quick Start
This section is a step-by-step guide that covers the basic Eventia Reporter operations.
In This Section
How to Generate a Report
How to Customize a Report
How to View and Collect Information about the Status of Report Generation
How to Start and Stop the Log Consolidator Engine
How to Configure Consolidation Settings and Sessions
How to Export and Import Database Tables
How to Configure Database Maintenance Properties
How to Generate a Report
The following procedure allows you to create the most basic Eventia Reporter configuration. Proceed as follows:
1 In the Selection Bar view, select Reports > Definitions and in the Standard tab select Security > Blocked Connections.
2 Access the Period tab to determine the period over which the report will be generated and the information that should be used to generate the report.
  Report Period - In this area select one of the following options:
    Relative Time Frame includes the time period relative to the report generation. This time period defines a proportional interval (for example, Last Week or This Quarter).
    Specific Dates includes the exact time period for which the report will be generated.
3 Access the Input tab to determine the modules for which you would like to generate a report. If more than one module is selected as your source, you can generate information per module, or create a summary for all the selected modules.
  Select Check Point modules - In this area select the VPN-1 Pro modules that will participate in report generation:
    Select all modules selects all the VPN-1 Pro modules that are run by the SmartCenter server.
    Select specific modules enables you to select specific VPN-1 Pro modules that are run by the SmartCenter server, from the tree provided.
    Add enables you to add a module to the existing module tree.
  Show Result - In this area select one of the following options:
    Per module instructs the Eventia Reporter to create a report that details information for each of the selected modules.
    Summary of all modules instructs the Eventia Reporter to create a report that summarizes the information associated with all of the selected modules.
  Generation Input - In this area select the database table that contains the information for the report you are generating. By default the CONNECTIONS table is the primary database table.
    Sample Mode provides the information for a demo mode. This option is used when you want to see an example of the report you are creating.
    Other Database Tables enables you to access the information on which you would like your report to be based.
4 Click the Generate Report button to create the Blocked Connections report.
5 Click Yes to display the results.
A new window appears containing the results of the report generation.