On This Page
From January 01, 2023, TOS R21-3 Classic is EOL. Technical support will be available for a limited period to customers with Extended Support agreements.
Retrieving the Check Point Audit Log
By default, Check Point management servers (SmartCenters and Provider-1 CMAs) store audit logs that track administrative actions locally, rather than sending them to the Log Server or CLM. SecureTrack retrieves audit logs from the management server, not from the Log Server or CLM. If you configured your management server to send audit logs to the Log Server or CLM, you must configure SecureTrack to retrieve them from there.
To configure SecureTrack to retrieve audit logs from the Log Server or CLM:
- Add to SecureTrack the first management server and its associated Log Server or CLM.
- In the Device Configuration list, select the relevant management server (not the log server).
- Click Edit configuration:
- Click Next and Next.
- In the stage 3 page, select Custom.
- By Retrieve audit logs from, select the appropriate CLM/Log Server:
- Click Next, and then Save.
How Do I Get Here?
In SecureTrack, go to