Checkpoint Firewall Manager information not showing correctly on LEM.
In the Monitor > Filters section, a new event appears to arrive every minute; in the nDepth search, however, this does not appear to be the case.
This issue occurs if Checkpoint Firewall Manager has been set up to gather logs from other firewalls in the environment and send them to LEM. The Checkpoint Firewall Manager sends the information straight to LEM, but not in any particular order.
The following example scenario shows a log entry, sent by a Checkpoint firewall to the Checkpoint Firewall Manager, that has the following timeframe inside the log entry: 14:15 17th of March 2016 xxxxxxxxxx
Following this scenario, if you search in nDepth for the logs in the timeframe 16:15 17th of March 2016, you will not see an event/log entry. This is because the log itself had a different timeframe. What you should be looking for in the nDepth search is: 14:15 17th of March 2016.
This is due to the Checkpoint Firewall Manager, which sends the logs to LEM in no particular order. LEM records both the time at which it received the logs and the timeframe within the log itself. This is where the confusion occurs when searching for the logs in LEM on the console.
It is recommended to contact your Checkpoint Firewall Manager vendor to further troubleshoot this issue as LEM is behaving as expected.
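The two timestamps described above can be compared directly to confirm this behaviour and to measure how far behind each firewall's logs arrive. The following is an added example, not SolarWinds or Check Point code: the record layout, the `fw-a`/`fw-b` source names and the sample values are constructed, and it assumes 16:15 in the scenario is the time LEM received the entry.

```python
from datetime import datetime, timedelta

DAY = "2016-03-17 "
# Constructed sample (not a Check Point or LEM format):
# (time LEM received the entry, time inside the entry, originating firewall)
SAMPLE = [
    ("16:15", "14:15", "fw-a"),
    ("16:16", "16:16", "fw-b"),
    ("16:17", "14:40", "fw-a"),
    ("16:18", "16:18", "fw-b"),
]

def at(hhmm):
    """Timestamp on the sample day for an HH:MM string."""
    return datetime.strptime(DAY + hhmm, "%Y-%m-%d %H:%M")

EVENTS = [{"received": at(r), "event": at(e), "source": s} for r, e, s in SAMPLE]

def search(events, field, start, minutes=1):
    """Entries whose chosen timestamp falls in [start, start + minutes)."""
    end = start + timedelta(minutes=minutes)
    return [e for e in events if start <= e[field] < end]

def forwarding_lag(events):
    """Largest gap between event time and receipt time, per source."""
    lag = {}
    for e in events:
        gap = e["received"] - e["event"]
        lag[e["source"]] = max(lag.get(e["source"], timedelta(0)), gap)
    return lag

def out_of_order(events):
    """Entries received after an entry that carries a later event time."""
    newest, late = datetime.min, []
    for e in sorted(events, key=lambda e: e["received"]):
        if e["event"] < newest:
            late.append(e)
        newest = max(newest, e["event"])
    return late

if __name__ == "__main__":
    print("by receipt time 16:15:", len(search(EVENTS, "received", at("16:15"))))
    print("by event time 16:15:  ", len(search(EVENTS, "event", at("16:15"))))
    print("by event time 14:15:  ", len(search(EVENTS, "event", at("14:15"))))
    for src, lag in forwarding_lag(EVENTS).items():
        print(src, "max forwarding lag", lag)
    print("out of order:", [e["event"].strftime("%H:%M") for e in out_of_order(EVENTS)])
```

When investigating, widen a search by event time backwards by at least the largest forwarding lag observed for the source in question.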