This article applies to:
- WebTrends Firewall Suite 4.x
- Security Reporting Center 2.0
Question:
Which log files should be analyzed when creating a profile for Check Point firewall log files?
Symptoms:
- No bandwidth information is being reported after analyzing Check Point firewall log files.
Causes:
Check Point firewalls can be configured to produce different types of log files. Only the accounting log files contain bandwidth information. If you are not seeing bandwidth information in your reports, most likely this is because only the regular log files are being analyzed.
To report bandwidth information from a Check Point firewall you must analyze the .alog log files.
Information:
When configuring your Check Point firewall, set the logging options in the track parameter to 'long' or 'account' for each rule created in your Check Point Security Policy.
- Setting the logging options to 'long' creates a
.log file, which contains all of the data needed to create useful reports with the exception of bandwidth information.
- Setting the logging options to 'account' adds bandwidth information to the log files. With this setting, both
.alog and .log files are created.
When creating a profile to analyze your Check Point firewall log files you have three options from which to choose.
- Report using both regular logs and accounting logs
- Report using regular logs
- Report using accounting logs
Notes:
Trustwave recommends analyzing either the .log or the .alog, but not both at the same time. While analyzing both can be useful under some circumstances, it causes some hits to be counted twice, and the resulting reports may be inaccurate. In most circumstances, you should analyze the .alog files when possible.
- This article was previously published as:
- NETIQKB11989