Article Number
000001310
Applies To
RSA Product Set: Security Analytics
RSA Product/Service Type: Security Analytics UI
RSA Version/Condition: 10.4 and above
Platform: CentOS
Platform (Other): Check Point Smart Tracker
Issue
When viewing a raw Check Point log in RSA Security Analytics, the time displayed may be different from that when viewing the event in the Check Point Smart Tracker.
Check Point logs (but in general most of security devices logs) are stored internally in UTC time on the system. When displayed in the Smart Tracker the time displayed for the event is calculated from the Timezone set for the Check Point system.
Here an example:
- You can see here some log entries on the Check Point Smart Tracker. The time is in EST (UTC -5)
- The same log entry highlighted above can be seen in the Security Analytics Investigator. The entry is in UTC (EST +5) as you can see from the screenshot below:
- The time in the Check Point itself is set in EST timezone, however the logs are generated in UTC:
Resolution
The Check Point firewall (and most of security devices) generates logs in UTC.