Submit a ticketCall us

Webinar: Web Help Desk for HR, Facilities and Accounting Departments
This webinar will focus on use cases for HR, Facilities and Accounting.

Having a unified ticketing and asset management system for all the departments in your company can provide end-users with a seamless experience and make things easier for your IT team. Yet, with different business tasks and objectives, many departments don’t fully understand the capabilities of Web Help Desk and how the software can be customized for effective use in their departments.
Register Now.

Home > Success Center > Log & Event Manager (LEM) > Checkpoint Firewall Manager information not showing correctly on LEM

Checkpoint Firewall Manager information not showing correctly on LEM

Created by Ezgi Muderrisoglu, last modified by MindTouch on Jun 23, 2016

Views: 73 Votes: 1 Revisions: 4


Checkpoint Firewall Manager information not showing correctly on LEM.

The information appears on the Monitor > filters section as arriving with a new event every minute, however in the ndepth search, this does not appear to be the case.


If Checkpoint Firewall Manager has been setup to gather logs from other firewalls in the environment and send the logs to LEM, this issue will occur. The Checkpoint Firewall Manager is sending information straight to LEM, but not in any particular order.

The following example scenario shows that there is a log entry sent by a checkpoint firewall to the checkpoint firewall manager, that has the following timeframe inside its log entry: 14:15 17th of March 2016 xxxxxxxxxx

  • Other Checkpoint Firewalls > send logs to > Checkpoint Firewall Manager
  • Checkpoint Firewall Manager > sends these logs to (in no particular order) [in this example, it sends the logs at 16:15 17th of March 2016] > LEM
  • LEM > processes the logs themselves through it's configured connectors. > translates the information, and saves them to it's database. [In this example, it places the log entry accordingly with what timeframe is mentioned in the log itself, so on 17th of March 2016, 14:15]
  • LEM > shows in the LEM console Monitor section, what time it has received the logs. [In this example, LEM received the logs at 16:15 17th of March 2016, so in the insertion time, this is the time that will be displayed]


Following this scenario, if you search in NDepth for the logs, in the timeframe 16:15 17th of March 2016, you will not see an event/log entry. This is because the log itself had a different timeframe. What you should be looking for in the NDepth search is: 14:15 17th of March 2016.


  • LEM 6.2
  • Checkpoint Firewall Manager


This is due to the Checkpoint Firewall Manager. There is no particular order that the manager is sending the logs to LEM. LEM both makes a note of the time that it received the logs, but also makes a note of what timeframe is within the log itself. This is where the confusion is occurring when searching for the logs in LEM on the console.


It is recommended to contact your Checkpoint Firewall Manager vendor to further troubleshoot this issue as LEM is behaving as expected.


Last modified
19:55, 22 Jun 2016