Configuring the SmartEvent Clients
Defining the Internal Network for SmartEvent
To help SmartEvent Intro determine whether events originated internally or externally, the Internal Network
must be defined. Certain network objects are copied from the management server to the SmartEvent Intro
server during the initial synchronization and are periodically updated afterwards. Define the Internal Network
from these objects.
Note - If you run IPS Event Analysis in a Security Management Server environment, the internal network is
defined automatically from firewall topology information. You can customize the internal network
definition.
To define the Internal Network:
1. Start the SmartEvent Intro Client.
2. From the Policy view, select General Settings > Initial Settings > Internal Network.
3. Add objects (hosts, networks, groups, IP ranges) that define your environment's internal network.
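
The following added example (not Check Point code, and not part of the original guide) models how an internal network built from hosts, networks, groups and IP ranges decides whether an event is labeled internal or external, and shows that an address left out of the definition is treated as external. The object names, addresses and the classification model are assumptions constructed for illustration.

```python
import ipaddress

# Constructed definition using the four object kinds from step 3
# (hosts, networks, groups, IP ranges). Names and addresses are made up.
OBJECTS = {
    "mail-host":   ("host", "10.1.1.25"),
    "office-lan":  ("network", "192.168.10.0/24"),
    "vpn-pool":    ("range", ("172.16.5.10", "172.16.5.200")),
    "branch-nets": ("group", ["office-lan", "vpn-pool"]),
}
INTERNAL = ["mail-host", "branch-nets"]

def expand(name, objects, seen=None):
    """Flatten an object (following nested groups) into ip_network entries."""
    seen = set() if seen is None else seen
    if name in seen:            # guard against a group that contains itself
        return []
    seen.add(name)
    kind, value = objects[name]
    if kind in ("host", "network"):
        return [ipaddress.ip_network(value)]   # a host becomes a /32
    if kind == "range":
        first, last = (ipaddress.ip_address(v) for v in value)
        return list(ipaddress.summarize_address_range(first, last))
    if kind == "group":
        return [n for member in value for n in expand(member, objects, seen)]
    raise ValueError(f"unknown object kind: {kind}")

def is_internal(ip, nets):
    addr = ipaddress.ip_address(ip)
    return any(addr in n for n in nets if n.version == addr.version)

def direction(src, dst, nets):
    s = "internal" if is_internal(src, nets) else "external"
    d = "internal" if is_internal(dst, nets) else "external"
    return f"{s}->{d}"

def classify(events, objects=OBJECTS, internal=INTERNAL):
    nets = [n for name in internal for n in expand(name, objects)]
    return [direction(src, dst, nets) for src, dst in events]

# Constructed events as (source, destination) pairs.
EVENTS = [("203.0.113.7", "10.1.1.25"),       # outside host to mail server
          ("192.168.10.44", "198.51.100.9"),  # LAN client to outside
          ("172.16.5.201", "10.1.1.25"),      # one address past the VPN range
          ("10.1.1.26", "192.168.10.44")]     # server missing from the definition

if __name__ == "__main__":
    print(list(zip(EVENTS, classify(EVENTS))))
```

The last two events come from addresses an administrator would likely consider internal, yet they are labeled external because the range and host objects do not cover them.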
Defining Correlation Units and Log Servers for SmartEvent
1. From the Policy view of the SmartEvent Intro client, select General Settings > Initial Settings >
Correlation Units.
2. Select Add.
3. Click the button of the Correlation Unit field.
4. In the Select Objects window, select a Correlation Unit.
5. Click OK.
6. Click Add and select the Log Servers available as data sources to the Correlation Unit.
7. Select Save.
8. From the Actions menu, select Install Events policy.
At this point, SmartEvent Intro will begin to read logs and detect events.
To learn how to manage and fine-tune the system using the SmartEvent Intro Client, see the SmartEvent
Administration Guide for your software version on the Check Point Support Center
(http://supportcenter.checkpoint.com).
Creating a Consolidation Session for SmartReporter
The Consolidation session reads logs from the log server and adds them to the SmartReporter database.
If there is a single log server in the environment, the Consolidation session is automatically created.
If there is more than one log server, you must create a Consolidation session for each log server.
To create a Consolidation session:
1. In the Selection Bar view, select Management > Consolidation.
2. Select the Sessions tab.
3. Click Create New to create a new session.
The New Consolidation Session window appears.
4. Select the log server from which logs will be collected and used to generate reports.
5. Click Next.
The New Consolidation Session window appears.
6. Choose whether to use the default source logs and database tables, or select custom source logs and
database tables for consolidation.
If you selected Select default log files and database, click Finish to complete the process. The source of
the reports will be preselected logs. The report data will be stored in the default database table named
CONNECTIONS. The preselected logs are the sequence of log files that are generated by Check Point
products. The preselected logs session will begin at the beginning of the last file in the sequence, or at the
point the sequence was stopped.