Configuring the SmartEvent Clients
Configuring SmartEvent
Defining Correlation Units and Log Servers for SmartEvent
1. From the Policy view of the SmartEvent Intro client, select General Settings > Initial Settings > Correlation Units.
2. Select Add.
3. Click the button of the Correlation Unit field.
4. In the Select Objects window, select a Correlation Unit.
Note - In a Multi-Domain Security Management environment, add the log servers for each CMA.
5. Click OK.
6. Click Add and select the Log Servers available as data sources to the Correlation Unit.
7. Select Save.
8. From the Actions menu, select Install Events policy.
At this point, SmartEvent Intro will begin to read logs and detect events.
To learn how to manage and fine-tune the system using the SmartEvent Intro Client, see the SmartEvent Administration Guide for your software version on the Check Point Support Center (http://supportcenter.checkpoint.com).
Creating a Consolidation Session for SmartReporter
The Consolidation session reads logs from the log server and adds them to the SmartReporter database.
If there is a single log server in the environment, the Consolidation session is automatically created.
If there is more than one log server, you must create the Consolidation session for each log server.
To create a Consolidation session:
1. In the Selection Bar view, select Management > Consolidation.
2. Select the Sessions tab.
3. Click Create New to create a new session. The New Consolidation Session window appears.
4. Select the log server from which logs will be collected and will be used to generate reports.
5. Click Next. The New Consolidation Session window appears.
6. Choose whether to use the default source logs and database tables, or select custom source logs and database tables for consolidation.
If you selected Select default log files and database, click Finish to complete the process. The source of the reports will be preselected logs. The report data will be stored in the default database table named CONNECTIONS. The preselected logs are the sequence of log files that are generated by Check Point products. The preselected logs session will begin at the beginning of the last file in the sequence, or at the point the sequence was stopped.
If you want to customize the Consolidation session, refer to the SmartReporter Administration Guide for your software version on the Check Point Support Center (http://supportcenter.checkpoint.com).