You are on page 1of 46

Check Point Endpoint Security

License Server and Reporting Tool Administration Guide


Version R71

December 21, 2008


© 2003-2008 Check Point Software Technologies Ltd.

All rights reserved. This product and related documentation are protected by copyright and distributed under licensing restricting their use, copying,
distribution, and decompilation. No part of this product or related documentation may be reproduced in any form or by any means without prior written
authorization of Check Point. While every precaution has been taken in the preparation of this book, Check Point assumes no responsibility for errors or
omissions. This publication and features described herein are subject to change without notice.

RESTRICTED RIGHTS LEGEND:

Use, duplication, or disclosure by the government is subject to restrictions as set forth in subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer
Software clause at DFARS 252.227-7013 and FAR 52.227-19.
TRADEMARKS:

Please refer to http://www.checkpoint.com/copyright.html for a list of our trademarks.

For third party notices, see: http://www.checkpoint.com/3rd_party_copyright.html.


Contents

Preface Introduction ................................................................................................ 7


Who Should Read This Guide? ...................................................................... 7
Summary of Contents ................................................................................... 8
Contact Information ..................................................................................... 8
Feedback .................................................................................................... 8

Chapter 1 Overview
Introducing the License Server ...................................................................... 9
Licensing Files ..................................................................................... 10
License Pools ....................................................................................... 11
Shared Network Folder .......................................................................... 11
Service Account.................................................................................... 12
Reporting Tool........................................................................................... 12
Deployment Process................................................................................... 13
System Requirements ................................................................................ 15

Chapter 2 Installing License Server


Running the Installation Wizard .................................................................. 18
Initial Server Configuration ......................................................................... 20
Adding License Files .................................................................................. 21
Completing the Installation ......................................................................... 22
Upgrading the License Server ..................................................................... 24

Chapter 3 Using License Server


Working with the License Server.................................................................. 25
Working With Licenses .......................................................................... 26
Working with Shared Network Folders ..................................................... 33
Changing the License Server Password.................................................... 33
Command Line Tasks ................................................................................. 34
Command Line Summary....................................................................... 34
Displaying License Information .............................................................. 35
Deactivating an Endpoint Client License ................................................. 36
Offline License Activation ...................................................................... 36
Event Logging............................................................................................ 37
Changing the License IP Address ................................................................ 38
Stopping the License Server Service ............................................................ 40

Chapter 4 Reporting Tool


Overview ................................................................................................... 41
Before Using the Reporting Tool.................................................................. 42
Full Disk Encryption Status Files ............................................................ 42

Table of Contents 5
Encrypted Log Files .............................................................................. 43
Report File Locations ............................................................................ 43
Shared Folder Permissions..................................................................... 43
Firefox Settings .................................................................................... 43
Executing The Reporting Tool ..................................................................... 44
Command Reference.................................................................................. 44
Examples .................................................................................................. 45

6
Preface
Preface

In This Chapter

Introduction page 7
Who Should Read This Guide? page 7
Summary of Contents page 8
Contact Information page 8
Feedback page 8

Introduction
This document contains information regarding installation and use of the Check
Point License Server and Reporting tool. For information regarding installation and
use of specific Endpoint Security Client components, refer to their respective
Administration or Client guides.

Who Should Read This Guide?


This guide is intended for use by system administrators working with License
Server. As a License Server administrator, you should be familiar with your
organization network infrastructure, security requirements and operating
procedures.

7
Summary of Contents

Summary of Contents
This guide contains the following material:

TABLE 0-1

Chapter Description
Overview Introduces License Server and presents an overview
of the deployment process.
Installing License Server Describes the process of installing License Server.
Using License Server Describes how to perform license management
tasks using License Server.
Reporting Tool Introduces the Reporting Tool utility and presents
procedures for using it.

Contact Information
If you require information on other security Check Point products or services, or if
you encounter problems with License Server, please visit our web site or call us.

TABLE P-1 Contact information

Area Technical Support Sales


Telephone: The Americas 972-444-6600 1-800-429-4391
Elsewhere +972-3-6115100
Web site: www.checkpoint.com

Feedback
Check Point is engaged in a continuous effort to improve its documentation. Please
help us by sending your comments to:
cp_techpub_feedback@checkpoint.com

8
Chapter 1
Overview
In This Chapter

Introducing the License Server page 9


Reporting Tool page 12
Deployment Process page 13
System Requirements page 15

Introducing the License Server


The Endpoint Security License Server and Reporting Tool provides administrators
with tools to manage Endpoint Security licenses on client computers. The License
Server monitors and manages installed, activated and available licenses.
Administrators can use license pools to reserve licenses for specific groups of
endpoint clients.
The current License Server version provides limited license enforcement
functionality. Administrators are responsible for ensuring that sufficient licenses are
purchased and assigned to clients.

Note - License Server does not work with legacy Pointsec licenses or
evaluation licenses.

9
Licensing Files

The License Server performs the following tasks:


• Maintains pools of licenses that are available and/or assigned to clients
• Receives requests from clients to activate or deactivate licenses
• Provides tools for other license management tasks
Endpoint Security clients interact with the License Server as follows:
• Requests license activation from the License Server
• Notifies users of license status
• Requests license deactivation or client decommissioning when requested
In order for the License Server to activate a license for a particular client, the
corresponding license must either be installed on that client (Full Disk Encryption)
or associated with the server that manages that client (Secure Access and Media
Encryption). When a client activates a license from the License Server, it is
assigned exclusively to that client and becomes unavailable to other clients.
Endpoint Security clients do not communicate directly with the License Server.
Data is passed between clients and the License Server by means of data
temporarily stored in shared network folders.
Administrators manage licenses and keep track of license activations by using
either a GUI or a command line interface. Refer to Chapter 3, “Using License
Server” on page 25 for details.

Licensing Files
Customers obtain Endpoint Security license files from the Check Point User Center.
Each license file contains the following components:
• A Certificate key that uniquely identifies each license file and protects it
against tampering
• A specified quantity of endpoint licenses (seats) - each endpoint computer
requires one endpoint license
• Definition of the specific Endpoint Security Client features enabled by this
license
• License Server IP address

10
License Pools

License Pools
A license pool contains one or more endpoint license files available for assignment
to a specific group of endpoint clients. If a license pool does not contain any
available endpoint licenses, the administrator must purchase additional licenses
and add them to the pool or transfer an existing license file from another pool.
Upon installation, the License Server creates one pool, known as the global pool.
When using a single pool in a given environment, all endpoint licenses reside n the
global pool. You can define multiple license pools on a License Server to contain
licenses available only to specific groups of endpoint clients. For example,
individual departments, teams or branch offices can use their own license pools.
Administrators assign names to each new license pool. When multiple license pools
are in use, each client is assigned to a specific named pool by its profile or by the
server managing that client. If the pool to which a client is assigned does not exist,
licenses, if available, are allocated from the global (default) pool. Likewise, if there
are no available licenses in the assigned pool, licenses are allocated from the
global pool.
For example, if a client requests a Full Disk Encryption license, the License Server
first looks for an available license in the pool name that corresponds to the
‘Company Name’ in the profile. It this pool does not exist or does not contain any
available licenses, the License Server server looks for available licenses in the
global pool. If there are no available licenses in the global pool, the License Server
cannot assign a license and returns an error.

Shared Network Folder


The License Server communicates with endpoint clients via a shared network folder
located on the License Server computer. Permissions and network connectivity
must be configured to allow access to the shared network folder by the License
Server itself and all endpoint client computers served by that License Server.
You can define multiple shared network folders to support different networks,
subnets and permissions as required.

Chapter 1 Overview 11
Service Account

Service Account
The Service Account is a designated Windows user having access permission to
shared network folders and permission to run the License Service service. You
define the service account and password during the License Server installation
process and may be changed by an authorized administrator using the Windows
user definition process.

Reporting Tool
The Reporting Tool is a command line utility that summarizes and presents
information regarding Full Disk Encryption client status, including encryption,
licenses and logged events. Reports are saved as XML files and, by default,
automatically displayed in a web browser. The Reporting Tool can create the
following reports:
• Summary and detailed reports of client encryption status
• Reports showing client license usage and status
• Reports showing events gathered from client logs

12
Deployment Process

Deployment Process
The following table presents an overview of the process of deploying Endpoint
Security using the License Server.

Table 1-1 Deployment process

Step Description
1 Make an inventory of your network layout and clients to determine:
• How many endpoint licenses are required
• How many license servers are required
• How many endpoint licenses each server will manage
• Where the license server(s) will be deployed
• How many license pools are required
• Location and permissions for access to shared network folders
2 Create the shared network folders and configure your network and
firewall so that all endpoint computers can access them.
3 Acquire Check Point license file(s) that match your network set-up as
determined in Step 1.
4 Install the License Server(s).

Chapter 1 Overview 13
Deployment Process

Table 1-1 Deployment process

Step Description
5 Install Endpoint Security servers as required to support Endpoint
Security Client features deployed on your client computers. Make
certain that you purchase the appropriate licenses for these servers.
The following list shows which servers are required for each of the
available features:
• Full Disk Encryption: Full Disk Encryption master installation
• Port Protection: Media Encryption Server
• Media Encryption: Media Encryption Server
• Firewall: Secure Access Server
• Anti-Malware: Secure Access Server
• VPN Client: Secure Access Server
For installation instructions for these servers, please refer to the
relevant product documentation.
6 Install Endpoint Security Client on client computers.
7 Activate the license. Activation typically occurs automatically
following installation. If automatic activation is unsuccessful, activate
the license manually offline.
See the appropriate feature Administration Guide for information regarding client
installation, creating installation profiles, and deploying Endpoint Security to
clients.

14
System Requirements

System Requirements
The following table presents the minimum hardware and operating system
requirements for the License Server.

Table 1-2 License Server system requirements

Item Description
CPU Pentium III 450 MHz
Disk Space 300 MB
RAM 512 MB
Network Interface 1
Operating System Microsoft Windows XP Professional (SP2)
Windows Server 2003

Chapter 1 Overview 15
System Requirements

16
Chapter 2
Installing License Server
In This Chapter

Running the Installation Wizard page 18


Initial Server Configuration page 20
Adding License Files page 21
Completing the Installation page 22

This chapter provides detailed instructions for installing initially configuring the
License Server.

17
Running the Installation Wizard

Running the Installation Wizard


To install the License Server, perform the following steps:
1. From the Endpoint Security Deployment Utility installation CD, run
LicenseServer.exe, located in the \FullDiskEncryption\LicenseServer\
folder. The Welcome window opens.

Click Next to continue.


2. Click Next. to accept the license agreement.
3. Click Next to install the License Server at the default destination or click
Browse to select a different folder.

18
Running the Installation Wizard

4. Select the features that you wish to install. Both Endpoint Security License
Server and Endpoint Security Reporting Tool are selected by default.

Chapter 2 Installing License Server 19


Initial Server Configuration

Initial Server Configuration


Continue with Installation Wizard windows to perform the initial server
configuration.
1. In the License Server Password Settings window, enter and confirm the License
Server password.

2. In the License Server Shared Folders window, Click Add, and then browse to a
the shared network folders used to share data with Endpoint Security Client
computers. Repeat this step for each shared folder you wish to define.

Note - Mapped drives are not supported as shared network folders. Use
either UNC path names or local paths.

20
Adding License Files

Adding License Files


You can optionally add Endpoint Security License Server files to a license pool at
this point. If you do not wish to do so at this time, click Close to continue. For
more details regard the procedure for adding a license, refer to “Working With
Licenses” on page 26
To add a license from a file:
1. In the License Configuration window, click Fetch License from File.

2. In the Add License window, enter the fully qualified path or navigate to the
appropriate license file.

3. Click OK. Repeat this step for each license you wish to add. Click Close in the
License Configuration window to continue.
You can also add licenses by cutting and pasting the license string contained in the
email you received from the User Center. Refer to “Working With Licenses” on
page 26 for details.

Chapter 2 Installing License Server 21


Completing the Installation

Completing the Installation


This section describes the final steps of the installation process.
1. In the License Server Service Account dialog box, enter the user account name,
user password, and password confirmation in the designated fields. This user
account must have full access to the shared network folders and permissions to
run the License Server service.

Specify the user account in one of the following formats:


– Domain\User or Domain users: Domain\user or user@domain
– Local or workgroup users: Computer name\user

22
Completing the Installation

2. When the Wizard Complete window opens, click Yes, I want to restart my
computer now and then Finish.

After you install the License Server, configure the client to communicate with it.
Refer to the appropriate Administrator’s Guides for instructions.

Chapter 2 Installing License Server 23


Upgrading the License Server

Upgrading the License Server


This section describes the upgrade procedure for the License Server. The upgrade
process requires using two computers: the existing License Server platform and an
another computer with identical capabilities to serve as the upgrade target.
The upgrade process involves creating a fresh installation of the current License
server version on the target computer and then importing the configuration and
database from the existing platform. This process ensures uninterrupted service to
all endpoint clients.
To perform an upgrade:
1. Install the latest version of the License Server on the target computer as
described in “Running the Installation Wizard” on page 18. Do not reboot the
target computer once the installation is complete.
2. Copy DataBase and config.exe from the <Installation Folder>\bin folder on the
existing License Server computer to the same location on the target computer.
3. Copy shared.dir from the <Installation Folder>\conf folder on the existing License
Server computer to the same location on the target computer.
4. Reboot the target computer.
5. Run the License Server Utility (licServerUtil.exe) and verify that your
configuration settings and database have been successfully migrated.

24
Chapter 3
Using License Server
In This Chapter

Working with the License Server page 25


Command Line Tasks page 34
Event Logging page 37

Working with the License Server


You can use the Endpoint Security License Server graphical interface to perform
most of the basic license management tasks. Other features are available only by
using the command line interface.
The License Server comes with four stand-alone utilities that allow you to work with
License Server operations:
• License Configuration: Add, Remove or Move license files to another license pool
• Password Configuration: Change the License Server password
• Shared Folder Configuration: Add or change shared network folders
• License Server Utility: Work with the command line interface
To use the License Server utilities, click Start > All Programs > Check Point >
Endpoint Security License Server. Select the desired utility from the menu.

25
Working With Licenses

Working With Licenses


This section presents procedures for using the License Server utilities to manage
license files and endpoint client licenses.

Adding a License File from a File


To add a new license file from a file:
1. Run the License Configuration utility.
2. In the License Configuration window, click Fetch License from file.

3. In the Add License window, enter the fully qualified path or navigate to the
appropriate license file.

Click Change License Pool to change the license pool and/or create a new
license pool.

26
Working With Licenses

4. The new license file appears in the License Configuration window.

5. Repeat the preceding steps if you wish to add more license files.

Chapter 3 Using License Server 27


Working With Licenses

Adding a License Using Copy and Paste


You can also add a license by copying the license string from the email received
from the Support Center into the License Server.
To add a license using copy and paste:
1. Run the License Configuration utility.
2. In the License Configuration window, click Add License.

3. Copy the license string from the email that you received from the Support
Center, as indicated below. Make certain that you copy the entire license string,
even if it extends over more than one line.

28
Working With Licenses

4. In the Add License window, click Paste License. You can also manually type
license information in the designated fields.

5. Click Calculate to calculate and display the validation code. Compare this with
the validation code that appears in your email.

6. Click OK to confirm and add the license.

Chapter 3 Using License Server 29


Working With Licenses

Removing a License File


If you wish to remove a license file you must first deactivate all licenses currently
assigned to endpoint clients. Refer to “Deactivating an Endpoint Client License” on
page 36 for instructions.
To remove a license file:
1. Deactivate all assigned endpoint client licenses.
2. Run the License Configuration utility.
3. In the License Configuration window, select the desired license file and then
click Remove License.

Warning - If any licenses from the selected license file remain assigned
to endpoint clients, an error message appears. If you choose to
proceed, the License Server will automatically deactivate all such
licenses, effectively “decommissioning” those endpoint clients.
4. Click Yes to confirm.

30
Working With Licenses

Moving a License File to Another Pool


You can move a license file to another license pool at any time. This action has no
effect on licenses currently assigned to endpoint clients.
To move a license file to another pool:
1. In the License Configuration window, select the desired license file and then
click Change License Pool.

2. Click Yes to confirm that you wish to move this license file to a different pool.

Chapter 3 Using License Server 31


Working With Licenses

3. In the Change License Pool window, select the pool to which you wish to move
the license file and click OK.

a. If you wish to create a new license pool at this time, click New. Enter the
name of the new license pool in the designated field.

b. The license file now appears in the new license pool.

32
Working with Shared Network Folders

Working with Shared Network Folders


To work with shared network folders:
1. Run the Shared Network Folder Configuration utility.
2. In the License Shared Folders window,

Note - Mapped drives are not supported as shared network folders. Use
either UNC path names or local paths.

Changing the License Server Password


To change the license server password:
Run the Password Configuration utility. In the Password Settings window, enter and
confirm the new password,.

Chapter 3 Using License Server 33


Command Line Tasks

Command Line Tasks


You can use to the command line interface to view the status of licenses, pools and
clients. Additionally, the you must use the command line to deactivate licenses and
to perform offline license activation.
To access the command line:
Click Start > All Programs > Check Point > Endpoint Security License Server > License
Server Utility.

A license status summary appears showing shared folders and general license
information.

Command Line Summary


The following table shows the available commands and their syntax:
Task Command
info info <option> [-d detailed] [-ck <certificate key>]
[-pool <license pool> | all] [-f <FQDN>] [-g <GUID>]
[-r html report [-s]] [-t truncated] [-o <outputfile>]
[-h help]

Options:
-l Display License Information
-c Display Clients Information
-decom Display deactivated licneses
decom decom (-g <GUID> | -f <FQDN>) [-pool <license pool>]
[-h help]
offline offline -r <request challenge> -f <FQDN> [-pool
<license pool>] [-h help]

34
Displaying License Information

Displaying License Information


You use the info command to display information regarding licenses, licensed
clients and deactivated clients. You can display information either in the command
window or graphically in a web browser. Additionally, you have the option of saving
the information in a text file.
The following table presents the available arguments and options.
Figure 3-1 Info command parameters

Argument Description
-l Returns license information
-c Returns client information
-decom Returns deactivated clients
-d Creates a detailed report
-ck <certificate key> Returns only the specified certificate key
-pool [pool name] or Returns only results from the specified license pool. The
[all] all argument results from all pools. If you do not specify
a pool name, results from the global pool appear.
-f Display only the specified client FDQN
-g Display only the specified GUID
-r {-s} Create and save an html file and display it in a web
browsers. The optional -s argument saves the html file
without displaying in the browser.
Files are saved in the /WebData/Reports subdirectory.
-t Display detailed report with truncated columns to fit in
an 80 character command line window)
-o <output file> Create report as text file to the specified file name

You can use only one filter argument (-ck, -f, -g) in any command.
Example: Viewing status of installed Licenses by certificate key
Info –l -d -ck CF7550EF8C05 -pool MyNewPool -r displays a detailed license
file for a specific certificate key in MyNewPool in a web browser.
Example: Viewing status of all installed clients to a text file
Info –c -pool all -o client_report.txt creates a text file containing basic
information for all installed clients.

Chapter 3 Using License Server 35


Deactivating an Endpoint Client License

Deactivating an Endpoint Client License


When uninstalling Endpoint Security Client, the client typically notifies the License
Server. The license should automatically be released and returned to the pool as an
available license.
If a license is not released automatically, either because the uninstall process
failed to complete properly or because the client computer could not communicate
with the License Server, it is necessary to deactivate it manually. You may also wish
to manually deactivate a license for an endpoint client that is temporarily out of
service to free up the license.
To manually deactivate a license:
1. Open the License Server Utility window.
2. Enter the decom command using the following syntax:
decom (-g <GUID> | -f <FQDN>) [-pool <license pool>] [-h help]

a. Enter values for either the GUID or FDQN for the client.
b. Enter the optional license pool argument (-pool) if desired. The global pool
is assumed if no argument is provided.

Offline License Activation


If the Endpoint Security client cannot access the licensed server, or fails to receive
a response from the license server, you will need to activate the license offline. If,
after 15 minutes, the client does not receive a response from the License Server,
an error message appears, instruction the user to contact the administrator.
To activate a client license offline:
1. The client user contacts the License Server administrator, providing the
following information:
– Fully qualified domain name (FQDN)
– Request challenge as displayed by the client
2. Use the offline command to generate a response code using the syntax:
offline -r <request challenge> -f <FQDN>
[-pool <license pool>] [-h help]
If the pool argument is not supplied, the global pool is assumed.
3. Send the response code to the client user.

36
Event Logging

Event Logging
License Server provides a basic set of logging and auditing features. The following
events are recorded in the LicSerLog.log file located in the Log subfolder of License
Server
• Adding/removing license file
• Adding/removing Shared folder
• Changing the password
• Activating a client
• Deactivating a client
• Offline activation
The following License Server events are recorded in the client side log file:
Event Description
EVID_LICENSE_INVALID An invalid license was detected.
EVID_LICENSE_EXPIRED An expired license was detected.
EVID_LICENSE_ACTIVATION A license was activated on a
license server.
EVID_FAILED_LICENSE_ACTIVATION A license activation failed
EVID_LICENSE_DEACTIVATION A license was deactivated on he
license server.
EVID_FAILED_LICENSE_DEACTIVATION License deactivation failed.
EVID_LICENSE_SERVER_INCONSISTENCY A client detects a license server
inconsistency.
For example:
The element <transaction
counter> in a response message
is lower than in the previous
response. This will happen if the
license server is reinstalled.

Chapter 3 Using License Server 37


Changing the License IP Address

Changing the License IP Address


Check Point licenses are assigned to specific IP addresses. In the case of the
License Server, licenses are assigned to the License Server IP address.
In some cases, the License Server IP address is not known when requesting a
license from the User Center. In such cases, you can use a dummy IP address to
request the license and later change it in the User Center when the correct IP
address becomes known.
To change a license IP address in the User Center:
1. Log into the User Center at http://usercenter.checkpoint.com.
2. Click Products on the menu.
3. Select an account name if you have more than one account.
4. Click My Products on the sub-menu, if this option is not selected automatically
by default. A list of products appears below.
5. Select the product license that you want to change.
.

6. Select License from the list at the right.

38
Changing the License IP Address

7. Change the IP address in the indicated field.

8. Click Change.
9. Click Get License.
10. Click Get License File to download the new license.
11. Add the new license file to the License Server.

Chapter 3 Using License Server 39


Stopping the License Server Service

Stopping the License Server Service


It is strongly recommended that users do not manually stop the License Server
service. Stopping the License Server service may result in the following message:

40
Chapter 4
Reporting Tool
In This Chapter

Overview page 41
Before Using the Reporting Tool page 42
Executing The Reporting Tool page 44
Command Reference page 44
Examples page 45

Overview
The Reporting Tool is a command line utility that summarizes and presents
information regarding Full Disk Encryption client status, including encryption,
licenses and logged events. Reports are saved as XML files and, by default,
automatically displayed in a web browser. The Reporting Tool can create the
following reports:
• Summary and detailed reports of client encryption status
• Reports showing client license usage and status
• Reports showing events gathered from client logs
Administrators can analyze files located in the network shared folders specified in
the License Server configuration or specify a location containing files for the tool to
analyze. The Reporting Tool is typically installed together with the License Server.
You can, however, install it as a separate, stand-alone utility.
For further information refer to the Full Disk Encryption Administration Guide.

41
Before Using the Reporting Tool

Before Using the Reporting Tool


This section presents several issues and steps that must be performed before using
the Reporting tool.

Full Disk Encryption Status Files


In order for the Reporting Tool to access client status, you must configure each Full
Disk Encryption client to store status files in the appropriate shared folder.
To configure Full Disk Encryption:
1. In the FDE Management Console, select Local in the Navigation Tree and then
click Edit in the Actions pane.
2. In the Local window, select Install from the Navigation Tree.

3. Double click the Enable Export of Status to File parameter.


4. Enable the option and then click OK.
5. In the Local window, click Save.
Repeat these steps for each FDE client. It is recommended that administrators
correctly configure this parameter in installation profiles for new clients.

42
Encrypted Log Files

Encrypted Log Files


In order to decrypt password protected log files, it is necessary to use the -p
argument and enter the correct password when executing the Reporting Tool.
Obviously, the password must be the same as the one used to encrypt the file on
the client.
The Reporting Tool will not extract any data from files that it cannot decrypt. Data
is always extracted from unencrypted files with or without a password.
It is recommended that administrators configure a uniform log password in
configuration profiles for all new clients.

Report File Locations


By default, reports are stored in subdirectories named according to the date and
time that the report was generated as follows: Reports\dd-mm-yyyy-hh-mm-ss. XSL
files are stored in the Reports directory. The XSL files are used to display reports in
HTML format in a Web browser.

Shared Folder Permissions


Administrators should have read permissions for the shared network folders on the
License Server.

Firefox Settings
To display reports in Firefox version 3.0 and higher:
1. Go to the following URL: about:config.
2. If the following warning appears, click I’ll be careful.

3. On the Advanced Settings page, double-click the


security.fileuti.strict_origin_policy parameter and change it to false.

Chapter 4 Reporting Tool 43


Executing The Reporting Tool

Executing The Reporting Tool


The reporting tool command, dslogs.exe, is located in the in the License Server
program executable folder, typically:
C:\Program Files\CheckPoint\Endpoint Security\LicenseServer\R70\bin\.
To execute the Reporting Tool:
1. Open a command window,
2. Navigate to the License Server program executable folder and execute
dslogs.exe,

Note - You cannot use the License Server Utility window to execute the
Reporting Tool.

Command Reference
The dslogs.exe, basic syntax is as follows:
dslogs.exe <Report Option> <Input Argument> [Optional Arguments]
The following tables explain the various options and arguments:
Table 4-1 Report Options

Argument Description
-s Summary encryption status report
-sd Detailed encryption status report
-lic Client license status report (available only when the Reporting
Tools is not installed together with the License Server).
-log Client event log report
-all All reports

Note - The -lic and -all reports calculate the number of licenses
differently when the Reporting Tool is not installed together with the
License Server.

44
Examples

Table 4-2 Input Arguments

Argument Description
-l <path> Extracts data from all files located in the specified folder.
A fully qualified path to the specified folder is required.
- lr <path> Extracts data from all files in the specified folder and all
subfolders. A fully qualified path to the specified parent
folder is required.
dirs_list Extracts data from all files located in folders contained in
-f <file name> the specified text file. Fully qualified paths to each of the
folders, as well as to the text file, are required.
files_list Extracts data from all files contained in the specified text
-f <file name> file. Fully qualified paths to each file in the list, as well
as to the text file itself, are required.
<file name> Extract data from the specified file. A fully qualified path
to the specified file is required. Can only be used with
the -sd and -log report types.
Table 4-3 Report Options

Argument Description
-n <any integer> Extracts only the last specified number of entries
-p <password> Uses the specified password to decrypt protected log files
-o <output folder> Specifies the destination folder for the output reports
(created under the Reports folder).
-sl Silent mode - suppresses displaying reports in a browser
-v Displays detailed (verbose) information

Examples
dslogs.exe -sd -f C:\logs\status.txt - Generates a detailed encryption status report
from the data contained in the status.txt.file.
dslogs.exe -log -f C:\logs\test.log Generates an event log report containing the last
10 events contained in the test.log file.
dslogs.exe -all -lr C:\Shared\Log - Generate license, encryption status and log reports
from all files contained in the C:\Shared\Log folder.

Chapter 4 Reporting Tool 45


Examples

dslogs.exe -s Generates encryption status report from all the files located in the
defined shared network folder and its subdirectories.

46

You might also like