User guide
ManageEngine Firewall Analyzer :: User Guide
211
Zoho Corp.
Attributes
Description
OPSEC
Application - SIC
Name
The SIC name of the OPSEC Application LEA client (the LEA Server on
Firewall Analyzer), in the case of authenticated connections.
LEA Server -
Authentication
Type
The authentication mechanism to be used. The default value is
sslca
.
Supported values in this field are:
sslca, sslca_clear, sslca_comp,
sslca_rc4, sslca_rc4_comp, asym_sslca, asym_sslca_comp,
asym_sslca_rc4, asym_sslca_rc4_comp, ssl, ssl_opsec,
ssl_clear, ssl_clear_opsec, fwn1
and
auth_opsec
LEA Server - SIC
Name
The SIC name of the Check Point Management Server.
Importing Check Point Log Files
Before proceeding with the importing of Check Point logs, you need to do the following
changes in the Smart View Tracker of the Check Point Firewall to obtain the complete log
information:
Changes in Smart View Tracker :
1. Open the "Smart View Tracker" and click on "View" > "Query Properties".
2. Please select the following attributes if they where not selected previously:
o Elapsed
o Bytes
o Client InBound Bytes
o Client OutBound Bytes
o Server InBound Bytes
o Server OutBound Bytes
o Status
o URL
For Non-LEA connections, there are two ways to create plain text check point log file and
export the log file, which then can be imported in Firewall Analyzer. For LEA connections
you can skip the below mentioned methods and follow the LEA configuration instructions.
Method 1 :
In the command prompt of Check Point Firewall Management Station execute the
following command
fw logexport -d ; -i fw.log -o exportresult.log -n
For Check Point NG use the below command:
fwm logexport -d ; -i fw.log -o exportresult.log -n
where, -d refers to delimiter, -i refers to input log file, -o refers to output ASCII file,
and -n implies don't perform DNS resolution of the IP addresses in the Log File (this
option significantly improves processing speed).
For detailed information please refer the Check Point documentation or contact Check
Point technical support.