V 2.0 : SmartConsole Events

Vendor Documentation

| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| V 2.0 : SmartConsole Events | Base Rule | General Information | Information |

Mapping with LogRhythm Schema

| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
| Product | <vmid> | Text/String | Product name |
| Originip | <dip> | IP Address | IP of the log origin |
| origin | <dname> | Text/String | Name of the first Security Gateway that reported this event |
| Operation | <action>, <tag1> | Text/String | N/A |
| subject | <vendorinfo> | Text/String | Audit log category |
| status | N/A | N/A | OK/Warning/Error |
| administrator | <login> | Text/String | User who performed the operation |
| client | N/A | N/A | N/A |
| performedon | N/A | N/A | The name of the object that is affected by the action |
| objecttable | N/A | N/A | N/A |
| objecttype | N/A | N/A | The type of the affected object |
| generalinformation | N/A | N/A | N/A |
| Action | N/A | N/A | N/A |
| ifdirection | N/A | N/A | Connection direction |
| ifname | N/A | N/A | The name of the Security Gateway interface through which a connection traverses |
| session_id | N/A | N/A | N/A |
| alert | N/A | N/A | Alert level of the matched rule (for connection logs) |
| client_ip_host | <sip> | IP Address | IP address of the client machine from which the change was performed |
| flags | N/A | N/A | Check Point internal field |
| loguid | N/A | N/A | UUID of unified logs |
| orginsicname | N/A | N/A | Machine SIC name |
| sequencenum | N/A | N/A | Number added to order logs with the same Linux timestamp and origin |
| version | N/A | N/A | N/A |
| admin_level | N/A | N/A | N/A |
| cma_name | N/A | N/A | N/A |
| customer_name | N/A | N/A | N/A |
| fieldschanges | N/A | N/A | Specific changes made to the affected object |
| sendtotrackerasadvancedauditlog | N/A | N/A | N/A |
| session_description | N/A | N/A | N/A |
| session_name | N/A | N/A | N/A |
| session_uid | N/A | N/A | N/A |
| mds_name | N/A | N/A | N/A |
| operation_number | N/A | N/A | Number of the operation performed by the administrator; each operation is represented by a number |
| uid | N/A | N/A | N/A |