Submit a ticketCall us

AnnouncementsAre You “Flying Blind?”

When it comes to your complex IT infrastructure, you want to ensure you have a good grasp of what’s going on to avoid any fire drills that result from guesswork. Read our white paper to learn how proactively monitoring your IT environment can help your organization while giving you peace of mind.

Get your free white paper.

Home > Success Center > Log & Event Manager (LEM) > LEM - Knowledgebase Articles > Checkpoint Firewall Manager information not showing correctly on LEM

Checkpoint Firewall Manager information not showing correctly on LEM

Created by Ezgi Muderrisoglu, last modified by James Moore on Feb 18, 2019

Views: 1,131 Votes: 1 Revisions: 6

Updated February 18, 2019


Checkpoint Firewall Manager information is not showing correctly in LEM.

The information appears on the Monitor > Filters section as arriving with a new event every minute. However, in the ndepth search this does not appear to be the case.


If Checkpoint Firewall Manager has been setup to gather logs from other firewalls in the environment and send the logs to LEM, this issue will occur. The Checkpoint Firewall Manager is sending information straight to LEM, but not in any particular order.

The following example scenario shows that there is a log entry sent by a checkpoint firewall to the checkpoint firewall manager, that has the following timeframe inside its log entry: 14:15 17th of March 2016 xxxxxxxxxx

  • Other Checkpoint Firewalls > send logs to > Checkpoint Firewall Manager
  • Checkpoint Firewall Manager > sends these logs to (in no particular order) (in this example, it sends the logs at 16:15 17th of March 2016) > LEM
  • LEM > processes the logs themselves through it's configured connectors. > translates the information, and saves them to it's database. (In this example, it places the log entry accordingly with what timeframe is mentioned in the log itself, so on 17th of March 2016, 14:15)
  • LEM > shows in the LEM console Monitor section, what time it has received the logs. (In this example, LEM received the logs at 16:15 17th of March 2016, so in the insertion time, this is the time that will be displayed)


Following this scenario, if you search in nDepth for the logs, in the timeframe 16:15 17th of March 2016, you will not see an event/log entry. This is because the log itself had a different timeframe. What you should be looking for in the nDepth search is: 14:15 17th of March 2016.


  • LEM 6.2
  • Checkpoint Firewall Manager


This is due to the Checkpoint Firewall Manager. There is no particular order that the manager is sending the logs to LEM. LEM both makes a note of the time that it received the logs, but also makes a note of what time frame is within the log itself. This is where the confusion is occurring when searching for the logs in LEM on the console.


It is recommended to contact your Checkpoint Firewall Manager vendor to further troubleshoot this issue as LEM is behaving as expected.


Last modified