1. Check Point Security Gateway - Sends logs to the Log Server.
2. Log Server - Stores logs.
3. SmartEvent Correlation Unit - Identifies events: Analyzes each log entry from a Log Server, and looks for patterns according to the installed Event Policy. The logs contain data from Check Point products and certain third-party devices. When a threat pattern is identified, the SmartEvent Correlation Unit forwards the event to the SmartEvent Server.
4. SmartEvent Server - The SmartEvent Server: indexes logs for SmartView, defines the Event Policy, manages correlation units.
5. Events database - Stores events. Located on the SmartEvent Server.
6. SmartEvent client - Shows the received events. Use the clients to manage events (for example: to filter and close events), fine-tune, and install the Event Policy. The clients are: SmartConsole, SmartView Web Application.
https://sc1.checkpoint.com/documents/R80.40/WebAdminGuides/EN/CP_R80.40_LoggingAndMonitoring_AdminGuide/Topics-LMG/SmartEvent-Architecture.htm
babochnik
1 month, 2 weeks ago
Nikolas
1 year, 10 months ago