Log files and host names.

Hi,

Quick question,

In checkpoint there is a function in smart view tracker to resolve IP in the logs. Now does this take place as each log entry is made, or only when you are viewing the logs?

The reason I ask is if I look at the Logs 2 weeks after the event, is the host name I see resolved, the Device that was using the IP Address at the time the log was made, or the one currently using it.

I want to be sure I can track back not only what IP address is in the log, but the specific device that that data came from, even if since then it may have changed its IP.

Cheers

Find more posts tagged with

Comments

DPG

Logging is only done by IP address as far as I know. The hostnames are resolved in real-time when you use SmartView Tracker.

DevilWAH

OK cheers.

this seems a odd way to do it, as with DHCP IP assigment will change and part of the reason for having logs is so you can go back and see who did what when?

I have a requirment that we need to be able to go back and tell what PC sent the data, from what you are saying the only was is to staticly assing the IP address.

DevilWAH

DevilWAH wrote: »

OK cheers.

this seems a odd way to do it, as with DHCP IP assigment will change and part of the reason for having logs is so you can go back and see who did what when?

I have a requirment that we need to be able to go back and tell what PC sent the data, from what you are saying the only was is to staticly assing the IP address.

Identity awareness was the way to go, turned on it authentic traffic agisnt AD and logs this, giving even more traceability than IP or resolved host names