What is the difference between SmartConsole logs and SmartView?

SmartConsole includes an integrated log viewer for real-time and historical log analysis. SmartView is a web-based application that provides the same functionality accessible from any browser without installing SmartConsole. Both provide access to logs, views, and reports, with SmartView being convenient for quick access or mobile scenarios.

How long are logs retained in Check Point?

Log retention depends on your configuration and storage capacity. By default, logs are stored on the Security Management Server or Log Server. You can configure retention policies based on time (days/months) or size. For compliance, consider forwarding logs to a SIEM or dedicated log storage system for long-term retention.

Can I export Check Point logs to a SIEM solution?

Yes, Check Point supports log forwarding to SIEM solutions via syslog (CEF or LEEF format), OPSEC LEA, or the Check Point Log Exporter tool. You can also use the Management API to programmatically retrieve logs. Configure log forwarding in SmartConsole under Logs & Monitor settings.

How do I create automated email reports?

In SmartConsole, create or select a view, then click the Schedule icon. Configure the schedule (daily, weekly, monthly), email recipients, and format (PDF or inline). The report will be automatically generated and emailed according to your schedule. Requires a configured mail server in SmartConsole settings.

How to View Logs and Generate Reports in Check Point SmartConsole

Check Point SmartConsole and SmartView provide powerful logging and reporting capabilities for monitoring security events, analyzing traffic patterns, and generating compliance reports. This guide walks you through accessing logs, creating custom views, and automating report generation.

Prerequisites

Before you begin, ensure you have:

SmartConsole installed with log viewing permissions
Security Gateway configured to send logs to the Management Server
Logging enabled on relevant firewall rules (Track column)
Optional: SmartEvent Server for advanced correlation and reports
Optional: Mail server configured for automated report delivery

Understanding Check Point Logging

Check Point generates several types of logs:

Log Type	Description	Generated By
Security Logs	Firewall accept/drop actions	Access Control rules
Threat Prevention Logs	IPS, Anti-Bot, Anti-Virus events	Threat Prevention blades
VPN Logs	Tunnel establishment, encryption	VPN blade
Audit Logs	Administrator actions	Management Server
System Logs	Gateway health, errors	Security Gateways

Step 1: Access Logs in SmartConsole

Opening the Logs View

Open SmartConsole and connect to your Management Server
Click Logs & Monitor in the left navigation panel
The default Logs view opens showing recent security events
Use the time selector in the top-right to adjust the time range

Understanding the Log View Interface

Area	Description
Time Range	Filter logs by time period
Search Bar	Query logs with free text or structured queries
Filter Panel	Quick filters for common attributes
Log Table	List of matching log entries
Log Details	Expanded view of selected log entry

Step 2: Search and Filter Logs

Basic Search

Type in the search bar to find logs containing specific text:

192.168.1.100 - Find logs with this IP address
blocked - Find logs with blocked actions
malware - Find Threat Prevention logs

Advanced Query Syntax

Check Point uses a structured query language:

blade:firewall action:drop

src:10.0.0.0/8 dst:8.8.8.8 service:DNS

blade:"Anti-Bot" severity:critical

Common Query Fields

Field	Description	Example
`blade`	Security blade that generated log	`blade:firewall`
`action`	Action taken (accept, drop, detect)	`action:drop`
`src`	Source IP address or network	`src:192.168.1.0/24`
`dst`	Destination IP address	`dst:8.8.8.8`
`service`	Service or application	`service:HTTPS`
`rule`	Rule name or number	`rule:"Web Access"`
`severity`	Log severity level	`severity:high`
`product`	Check Point product	`product:"Threat Emulation"`

Click the Filter icon to expand the filter panel
Select filters from available categories:
- Blade: Firewall, Application Control, Threat Prevention
- Action: Accept, Drop, Reject, Detect
- Severity: Critical, High, Medium, Low
Click filter values to add them to your query
Combine multiple filters for precise results

Step 3: Analyze Individual Log Entries

Viewing Log Details

Click any log entry in the table
The Log Details panel expands below
View comprehensive information:
- General: Time, action, rule matched
- Source/Destination: IPs, users, interfaces
- Service: Protocol, port, application
- Threat Prevention: Attack name, severity, CVE
- Additional Info: Bytes, duration, matched policy

Understanding Log Fields

Field	Description
Type	Log category (Log, Alert, Audit)
Action	What the gateway did (Accept, Drop, etc.)
Blade	Which blade generated the log
Origin	Gateway that generated the log
Rule	Rule name that matched the traffic
Source/Destination	Endpoints involved
Service	Protocol and port information
Information	Additional context and details

Log Actions

Right-click a log entry for additional actions:

Copy - Copy log details to clipboard
Search - Use field value as search query
Whois - Look up IP address information
Show Policy - Jump to the matching rule
Create Exception - Add Threat Prevention exception

Step 4: Use Predefined Views

SmartConsole includes built-in views for common monitoring needs:

Accessing Predefined Views

In Logs & Monitor, click the + tab
Browse the Catalog of available views
Categories include:
- Access Control - Firewall traffic analysis
- Threat Prevention - Security threat overview
- VPN - Tunnel status and traffic
- User & Identity - User-based activity
- Network - Bandwidth and connection analysis

Popular Predefined Views

View	Purpose
Security Overview	Dashboard of key security metrics
Top Blocked Attacks	Most frequent threat detections
Top Sources	Highest traffic-generating IPs
Top Applications	Most used applications
Blocked Traffic	Summary of dropped connections
User Activity	Traffic by authenticated user

Step 5: Create Custom Views

Build views tailored to your specific needs:

Creating a New View

Go to Logs & Monitor
Click the + tab > New View
Enter a Name and select a Category
Optionally add a Description
Click OK to open the view editor

Adding Widgets

Views are composed of widgets that display data:

Click Add Widget in the view editor
Choose widget type:
- Timeline - Events over time
- Table - Detailed log entries
- Chart - Bar, pie, or line graphs
- Map - Geographic visualization
- Infographic - Key metrics display
- Rich Text - Static text and instructions

Click Edit on a widget
Define the query:
- Use the visual query builder, or
- Enter advanced query syntax
Select fields to display
Configure sorting and limits
Set refresh interval

Example: Top Blocked Applications View

Widget 1 - Chart:

Type: Horizontal Bar
Query: action:drop blade:"Application Control"
Group by: Application Name
Show top 10

Widget 2 - Timeline:

Query: action:drop blade:"Application Control"
Display events over time

Widget 3 - Table:

Query: action:drop blade:"Application Control"
Columns: Time, Source, Application, Rule

Step 6: Access SmartView Web Application

SmartView provides browser-based access to logs and reports:

Accessing SmartView

Open a web browser
Navigate to: https://<management-server-ip>/smartview/
Log in with your SmartConsole credentials
The SmartView interface loads with familiar views

SmartView Features

Feature	Description
Real-time Logs	Same log access as SmartConsole
Views	All predefined and custom views
Reports	Generate and download reports
Mobile Access	Works on tablets and smartphones
No Installation	Runs in any modern browser

SmartView User Preferences

Click your username in the top-right
Select User Preferences
Configure:
- Locale: Display language
- First day of the week: Weekly report start day
- Theme: Default or High Contrast
- Default time frame: Initial log filter period

Step 7: Generate Reports

Create professional reports for management or compliance:

Quick Report Generation

Open any view in SmartConsole or SmartView
Click the Export icon
Choose format:
- PDF - Formatted document with charts
- CSV - Data export for spreadsheets
Configure options:
- Time range
- Include/exclude widgets
Click Export

Scheduled Reports

Automate recurring report delivery:

Open the view you want to report
Click the Schedule icon (clock symbol)
Configure schedule:
- Frequency: Daily, Weekly, Monthly
- Day/Time: When to generate
- Time Range: Last 24 hours, Last week, etc.
Configure delivery:
- Recipients: Email addresses
- Format: PDF or inline HTML
- Subject: Custom email subject
Click Save Schedule

Report Prerequisites

For email delivery, configure mail server:

Go to Manage & Settings > Blades > Logging & Monitoring
Configure Mail Server settings:
- SMTP server address
- Port (25, 465, or 587)
- Authentication if required
- From address

Step 8: Configure Log Forwarding

Send logs to external systems for long-term storage or SIEM integration:

Syslog Forwarding

Go to Manage & Settings > Blades > Logging & Monitoring
Click Log Servers > Add > External Log Server
Configure:
- Name: Descriptive name
- Type: Syslog
- Address: Syslog server IP
- Port: Usually 514 (UDP) or 6514 (TLS)
- Format: CEF or LEEF
Select which log types to forward
Install policy to activate

Log Exporter

For advanced integrations, use Check Point Log Exporter:

# Install on Management Server
cplog_export -h

# Configure export target
cplog_export -t syslog -a <siem_ip> -p 514 -f cef

Step 9: Monitor System Health

Beyond security logs, monitor gateway and system status:

Gateway Status View

Go to Logs & Monitor
Select the Gateways & Servers view
Monitor:
- Gateway online/offline status
- CPU and memory usage
- Policy installation status
- License status

Setting Up Alerts

Configure alerts for critical events:

Go to Manage & Settings > Blades > Logging & Monitoring
Click SmartView Monitor Settings
Configure alert actions:
- Pop-up notification
- Email notification
- SNMP trap
- User-defined script

Troubleshooting Common Issues

Logs Not Appearing

Symptoms: No logs visible for recent traffic.

Solutions:

Verify Track column is set to "Log" on relevant rules
Check gateway connectivity to Management Server
Verify log server disk space
Check time synchronization between gateway and management
Publish and install policy after adding logging

Slow Log Queries

Symptoms: Searches take too long.

Solutions:

Narrow the time range
Use more specific queries
Add indexed fields to queries (src, dst, action)
Check log server performance (CPU, disk I/O)
Consider log indexing optimization

SmartView Not Accessible

Symptoms: Cannot reach SmartView web interface.

Solutions:

Verify Management Server is running
Check HTTPS connectivity (port 443)
Confirm SmartView is enabled: api status from CLI
Clear browser cache and cookies
Try different browser

Best Practices Summary

Practice	Description
Enable Logging	Configure Track column on all security rules
Use Views	Create views for common monitoring needs
Schedule Reports	Automate regular security reports
Forward Logs	Send logs to SIEM for correlation
Set Alerts	Configure alerts for critical events
Retention Policy	Define log retention based on compliance needs
Regular Review	Schedule time to review security trends

Next Steps

After mastering logging and reporting:

SmartEvent - Deploy SmartEvent for advanced correlation
SIEM Integration - Connect to your SIEM platform
Custom Dashboards - Build executive security dashboards
Automated Responses - Configure automatic actions for specific events
Compliance Reporting - Create compliance-specific report templates

Additional Resources

Need help with Check Point monitoring and reporting? Inventive HQ provides expert configuration, SIEM integration, and managed security monitoring services. Contact us for a free consultation.

How to View Logs and Generate Reports in Check Point SmartConsole

Prerequisites

Understanding Check Point Logging

Step 1: Access Logs in SmartConsole

Opening the Logs View

Understanding the Log View Interface

Step 2: Search and Filter Logs

Basic Search

Advanced Query Syntax

Common Query Fields

Using the Filter Panel

Step 3: Analyze Individual Log Entries

Viewing Log Details

Understanding Log Fields

Log Actions

Step 4: Use Predefined Views

Accessing Predefined Views

Popular Predefined Views

Step 5: Create Custom Views

Creating a New View

Adding Widgets

Configuring Widget Queries

Example: Top Blocked Applications View

Step 6: Access SmartView Web Application

Accessing SmartView

SmartView Features

SmartView User Preferences

Step 7: Generate Reports

Quick Report Generation

Scheduled Reports

Report Prerequisites

Step 8: Configure Log Forwarding

Syslog Forwarding

Log Exporter

Step 9: Monitor System Health

Gateway Status View

Setting Up Alerts

Troubleshooting Common Issues

Logs Not Appearing

Slow Log Queries

SmartView Not Accessible

Best Practices Summary

Next Steps

Additional Resources

Frequently Asked Questions

Need Professional IT & Security Help?

Related Articles

How to Configure Firewall Rules in Check Point SmartConsole

How to Configure Anti-Phishing Policies in Harmony Email

How to Configure DLP in Harmony Email & Collaboration