Oscar_Bernat
Explorer

Is there any API endpoint to retrieve or query raw logs (also suppressed logs)

4 Replies
PhoneBoy
Admin

R80.40 JHF and R81, yes.
https://sc1.checkpoint.com/documents/latest/APIs/index.html#cli/show-logs~v1.7
If you want all logs, you’re better off using something like Log Exporter.

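As an added example for this thread (not code from the posts above or from Check Point), here is a small Python client for the show-logs call PhoneBoy links to. The request and response fields it uses (login returning a sid, the X-chkp-sid header, show-logs with "new-query" and then "query-id", "time-frame", "max-logs-per-request", "logs") are the ones in the linked show-logs documentation, read as: start a query, then keep sending the returned query-id until a page comes back empty. The hostname, credentials, filter string and log records are constructed for the demo; the fake transport stands in for a management server so the flow runs offline, and it deliberately contains no record for anything log suppression dropped, because a suppressed log is never written and no query can return it.

```python
"""Page through Check Point Management API show-logs results (added example)."""
import json
import ssl
import urllib.request
from typing import Any, Callable, Dict, Iterator, List

# A transport takes (url, headers, json body) and returns the decoded JSON reply.
Transport = Callable[[str, Dict[str, str], Dict[str, Any]], Dict[str, Any]]


def https_transport(url: str, headers: Dict[str, str], body: Dict[str, Any]) -> Dict[str, Any]:
    """Real transport for a live management server (not exercised offline).
    TLS verification stays on: install the management CA instead of disabling checks."""
    req = urllib.request.Request(
        url, data=json.dumps(body).encode(),
        headers={"Content-Type": "application/json", **headers}, method="POST")
    with urllib.request.urlopen(req, context=ssl.create_default_context()) as resp:
        return json.load(resp)


class MgmtApi:
    """Minimal session wrapper: login, show-logs paging, logout."""

    def __init__(self, base_url: str, transport: Transport = https_transport) -> None:
        self.base = base_url.rstrip("/") + "/web_api/"
        self.transport = transport
        self.sid = ""

    def call(self, command: str, body: Dict[str, Any]) -> Dict[str, Any]:
        # Every call after login carries the session id in X-chkp-sid.
        headers = {"X-chkp-sid": self.sid} if self.sid else {}
        return self.transport(self.base + command, headers, body)

    def login(self, user: str, password: str) -> None:
        self.sid = self.call("login", {"user": user, "password": password})["sid"]

    def logout(self) -> None:
        self.call("logout", {})
        self.sid = ""

    def iter_logs(self, log_filter: str, time_frame: str = "last-24-hours",
                  page_size: int = 100) -> Iterator[Dict[str, Any]]:
        """Start a new query, then follow query-id until a page comes back empty."""
        page = self.call("show-logs", {"new-query": {
            "filter": log_filter, "time-frame": time_frame,
            "max-logs-per-request": page_size}})
        while page.get("logs"):
            yield from page["logs"]
            page = self.call("show-logs", {"query-id": page["query-id"]})


# Constructed records standing in for what a log server would return.
SAMPLE_LOGS: List[Dict[str, Any]] = [
    {"time": "2021-03-01T10:00:01Z", "src": "10.1.1.5", "dst": "192.0.2.10",
     "service": "443", "action": "Drop", "rule_name": "Block egress"},
    {"time": "2021-03-01T10:00:07Z", "src": "10.1.1.6", "dst": "192.0.2.10",
     "service": "443", "action": "Drop", "rule_name": "Block egress"},
    {"time": "2021-03-01T10:00:09Z", "src": "10.1.1.7", "dst": "198.51.100.4",
     "service": "22", "action": "Drop", "rule_name": "Cleanup"},
]


def fake_transport(records: List[Dict[str, Any]], page_size: int = 2) -> Transport:
    """Offline stand-in for the management server; it enforces the session header
    and pages `records` in chunks of `page_size`, as the real server would."""
    sid = "constructed-session-id"
    offsets: Dict[str, int] = {}

    def transport(url: str, headers: Dict[str, str], body: Dict[str, Any]) -> Dict[str, Any]:
        command = url.rsplit("/", 1)[1]
        if command == "login":
            return {"sid": sid}
        if headers.get("X-chkp-sid") != sid:
            raise PermissionError("missing or invalid X-chkp-sid")
        if command == "logout":
            return {"message": "OK"}
        if command != "show-logs":
            raise ValueError("unsupported command: " + command)
        if "new-query" in body:
            qid = "q%d" % len(offsets)
            offsets[qid] = 0
        else:
            qid = body["query-id"]
        start = offsets[qid]
        chunk = records[start:start + page_size]
        offsets[qid] = start + len(chunk)
        return {"query-id": qid, "logs-count": len(chunk), "logs": chunk}

    return transport


def fetch_drops() -> List[Dict[str, Any]]:
    """Full login -> new-query -> page -> logout flow against the fake server."""
    api = MgmtApi("https://mgmt.example.invalid", fake_transport(SAMPLE_LOGS, page_size=2))
    api.login("api_user", "constructed-password")
    try:
        return list(api.iter_logs('action:"Drop"', time_frame="last-24-hours"))
    finally:
        api.logout()


def unauthenticated_query_rejected() -> bool:
    """show-logs without a prior login is refused, as on the real API."""
    api = MgmtApi("https://mgmt.example.invalid", fake_transport(SAMPLE_LOGS))
    try:
        list(api.iter_logs('action:"Drop"'))
    except PermissionError:
        return True
    return False
```

To run this against a real management server, construct `MgmtApi` with the default `https_transport`, an API-enabled user, and a management host whose certificate you trust; with a page size of 2 the fake server above returns three records over two pages and an empty third page, which is what ends the loop.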
Oscar_Bernat
Explorer

We have been working with the show-logs API endpoint but suppressed logs are not accessible.

Do you mean that using the log exporter we can export all logs, even suppressed logs?

We integrated the logs with Splunk without luck; the suppressed logs are not being forwarded.

We have followed this integration document https://sc1.checkpoint.com/documents/App_for_Splunk/html_frameset.htm?topic=documents/App_for_Splunk...

Can the SIEM integration be changed to forward raw logs (also suppressed logs)?

Thanks!

PhoneBoy
Admin
Accepted solution

As I just posted in your other thread, suppressed logs are suppressed from being written anywhere.
Which means the logs simply don't exist, no matter how you might want to acquire them.
If you need those logs, you have to disable log suppression. 

Oscar_Bernat
Explorer

Thanks a lot!!
