https://community.checkpoint.com/t5/API-CLI-Discussion/Is-there-any-API-endpoint-to-retrieve-or-query-raw-logs-also/m-p/108726#M5532 <P>We have been working with the show-logs API endpoint but suppressed logs are not accessible.</P><P>Do you mean that using the log exporter we can export all logs, even suppressed logs?</P><P>We integrated the logs with Splunk without luck, the suppressed logs are not being forwarded.</P><P>We have followed this integration document <A href="https://sc1.checkpoint.com/documents/App_for_Splunk/html_frameset.htm?topic=documents/App_for_Splunk/207353" target="_blank">https://sc1.checkpoint.com/documents/App_for_Splunk/html_frameset.htm?topic=documents/App_for_Splunk/207353</A></P><P>Can the SIEM integration be changed to forward raw logs (also suppressed logs)?</P><P>Thanks!</P><P>&nbsp;</P> Mon, 25 Jan 2021 08:04:54 GMT Oscar_Bernat 2021-01-25T08:04:54Z https://community.checkpoint.com/t5/API-CLI-Discussion/Is-there-any-API-endpoint-to-retrieve-or-query-raw-logs-also/m-p/108544#M5523 Fri, 22 Jan 2021 16:09:07 GMT https://community.checkpoint.com/t5/API-CLI-Discussion/Is-there-any-API-endpoint-to-retrieve-or-query-raw-logs-also/m-p/108544#M5523 Oscar_Bernat 2021-01-22T16:09:07Z https://community.checkpoint.com/t5/API-CLI-Discussion/Is-there-any-API-endpoint-to-retrieve-or-query-raw-logs-also/m-p/108554#M5524 <P>R80.40 JHF and R81, yes.<BR /><A href="https://sc1.checkpoint.com/documents/latest/APIs/index.html#cli/show-logs~v1.7" target="_blank">https://sc1.checkpoint.com/documents/latest/APIs/index.html#cli/show-logs~v1.7</A><BR />If you want all logs, you’re better off using something like Log Exporter.</P> Fri, 22 Jan 2021 17:28:24 GMT https://community.checkpoint.com/t5/API-CLI-Discussion/Is-there-any-API-endpoint-to-retrieve-or-query-raw-logs-also/m-p/108554#M5524 PhoneBoy 2021-01-22T17:28:24Z https://community.checkpoint.com/t5/API-CLI-Discussion/Is-there-any-API-endpoint-to-retrieve-or-query-raw-logs-also/m-p/108726#M5532 <P>We have been working with the show-logs API endpoint but suppressed logs are not accessible.</P><P>Do you mean that using the log exporter we can export all logs, even suppressed logs?</P><P>We integrated the logs with Splunk without luck, the suppressed logs are not being forwarded.</P><P>We have followed this integration document <A href="https://sc1.checkpoint.com/documents/App_for_Splunk/html_frameset.htm?topic=documents/App_for_Splunk/207353" target="_blank">https://sc1.checkpoint.com/documents/App_for_Splunk/html_frameset.htm?topic=documents/App_for_Splunk/207353</A></P><P>Can the SIEM integration be changed to forward raw logs (also suppressed logs)?</P><P>Thanks!</P><P>&nbsp;</P> Mon, 25 Jan 2021 08:04:54 GMT https://community.checkpoint.com/t5/API-CLI-Discussion/Is-there-any-API-endpoint-to-retrieve-or-query-raw-logs-also/m-p/108726#M5532 Oscar_Bernat 2021-01-25T08:04:54Z https://community.checkpoint.com/t5/API-CLI-Discussion/Is-there-any-API-endpoint-to-retrieve-or-query-raw-logs-also/m-p/108729#M5533 <P>As I <A href="https://community.checkpoint.com/t5/Security-Management/What-is-the-impact-of-removing-log-suppression/m-p/108727/highlight/true#M25361" target="_self">just posted in your other thread</A>, suppressed logs are suppressed from being written anywhere.<BR />Which means the logs simply don't exist, no matter how you might want to acquire them.<BR />If you need those logs, you have to disable log suppression.&nbsp;</P> Mon, 25 Jan 2021 08:15:48 GMT https://community.checkpoint.com/t5/API-CLI-Discussion/Is-there-any-API-endpoint-to-retrieve-or-query-raw-logs-also/m-p/108729#M5533 PhoneBoy 2021-01-25T08:15:48Z https://community.checkpoint.com/t5/API-CLI-Discussion/Is-there-any-API-endpoint-to-retrieve-or-query-raw-logs-also/m-p/109251#M5535 <P>Thanks a lot!!</P> Fri, 29 Jan 2021 07:56:59 GMT https://community.checkpoint.com/t5/API-CLI-Discussion/Is-there-any-API-endpoint-to-retrieve-or-query-raw-logs-also/m-p/109251#M5535 Oscar_Bernat 2021-01-29T07:56:59Z