Hi,
A rule modification is shown the following way (in R65):
Number: 11264
Date: 29Jun2011
Time: 9:02:38
Application: SmartDashboard
Subject: Object Manipulation
Operation: Modify Object
Type: Log
Object Type: firewall_policy
Performed On: Standard
Changes: UID = {8E7D9D25-757B-4CA4-956B-623D0A559264}
Section Title 18 UID =
{B893952E-ED77-4BA0-B9A7-98179F744D09} state: changed from 'collapsed'
to 'expanded'
Rule 159: added 'security_rule' -
UID = {2950150B-9A7E-438A-9929-BFC280D3488C}
Source: Lync_DMZ
Destination: Any
VPN: Any
Service: domain-tcp
Action: accept
Install On: Cluster_IL
Administrator: alexey
Client: MANGIL1-VM
Client IP: MGMT-IL (172.30.10.25)
Object Table: fw_policies
Operation Number: 1
Origin: FW1-IL
Uid: {8E7D9D25-757B-4CA4-956B-623D0A559264}
So you should search for the relevant UID in the "Changes" field of the audit logs.
Please be sure you are searching in the correct logs (by date).
On Wed, Jun 29, 2011 at 9:21 AM, pkc mls <[email protected]> wrote:
> On 27/06/2011 10:49, a bv wrote:
>>
>> Hi list,
>
> Hi a
>>
>> I have some rules on the firewall and I have to find out who and when
>> created the specific rules (numbers given). Audit logs on
>> smartviewtracker are not so easily understandable so I wanted to ask
>> the list for the best way.
>
> I'm afraid it's the only way for you to trace back what has been done.
> Which version are you running?
>
> Looks like the 'create rule' doesn't exist in the operation list;
> you can search when the objects that are used by this rule were created.
> You can also ask the firewall admins to comment what they do. (There is a
> comment column in the firewall rulebase.)
>
>
>
> Scanned by Check Point Total Security Gateway.
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to [email protected]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [email protected]
> =================================================
>
--
Sincerely,
Alexey Baltacov
[email protected] | Tel: +972-504989954
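
The search described in the reply above, as an added example (not part of the original message or any Check Point tool): it parses audit records in the "Field: value" layout quoted above and reports who touched a given rule UID. The blank-line record separator, the second record and the function names are assumptions made for illustration.

```python
import re

# Top-level field names, taken from the record quoted in the message above.
FIELDS = ("Number", "Date", "Time", "Application", "Subject", "Operation",
          "Type", "Object Type", "Performed On", "Changes", "Administrator",
          "Client", "Client IP", "Object Table", "Operation Number", "Origin", "Uid")
FIELD_RE = re.compile(r"^(%s):\s*(.*)$" % "|".join(map(re.escape, FIELDS)))

# Constructed sample: the record from the message (shortened) plus one made-up
# record. Blank-line separation between records is an assumption.
SAMPLE = """\
Date: 29Jun2011
Time: 9:02:38
Changes: UID = {8E7D9D25-757B-4CA4-956B-623D0A559264}
Rule 159: added 'security_rule' -
UID = {2950150B-9A7E-438A-9929-BFC280D3488C}
Source: Lync_DMZ
Administrator: alexey
Client IP: MGMT-IL (172.30.10.25)
Uid: {8E7D9D25-757B-4CA4-956B-623D0A559264}

Date: 30Jun2011
Time: 10:15:00
Changes: UID = {8E7D9D25-757B-4CA4-956B-623D0A559264}
Rule 12: added 'security_rule' -
UID = {00000000-0000-0000-0000-000000000001}
Administrator: admin2
Uid: {8E7D9D25-757B-4CA4-956B-623D0A559264}
"""

def parse_records(text):
    """Split into records; lines that are not a known field (for example
    'Source: ...' inside Changes) are folded into the preceding field."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        rec, last = {}, None
        for line in block.splitlines():
            m = FIELD_RE.match(line.strip())
            if m and m.group(1) not in rec:
                last = m.group(1)
                rec[last] = m.group(2)
            elif last:
                rec[last] += " " + line.strip()
        records.append(rec)
    return records

def who_changed(records, rule_uid):
    """(date, time, administrator) of every record whose Changes names rule_uid."""
    uid = rule_uid.strip("{}").upper()
    return [(r.get("Date"), r.get("Time"), r.get("Administrator"))
            for r in records if uid in r.get("Changes", "").upper()]
```

Searching for the policy UID instead of the rule UID matches every change to that policy, so the rule's own UID is the one to look for.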