Solved: Re: Logs - API

Joshua_Boerum · ‎2016-07-12

Are the logs accessible via the API?

-Josh

Julie_Paul · ‎2020-10-27

Yes we do today in R80.40 with latest JHF and with R81. Check out https://sc1.checkpoint.com/documents/latest/APIs/index.html#cli/show-logs~v1.6.1%20

View solution in original post

Uri_Bialik · ‎2016-07-13

R80 does doesn't have APIs that can read logs.

This is on our to-do list for a future release.

Rasool_Irfan · ‎2017-05-26

Does checkpoint support open and standard API to export internal logs and security events to SIEM

PhoneBoy · ‎2017-05-26

A number of third party SIEMs support pulling logs from Check Point management devices.

It is done through the Log Export API (LEA), which is part of the OPSEC SDK.

fw1-loggrabber is an open source tool that pulls logs from Check Point devices.

Julie_Paul · ‎2020-10-27

Yes we do today in R80.40 with latest JHF and with R81. Check out https://sc1.checkpoint.com/documents/latest/APIs/index.html#cli/show-logs~v1.6.1%20

Douglas_Rich · ‎2022-06-20

Will the API ever support grabbing logs by specific position, similar to how it was done with the OPSEC LEA... position as in the epoch value tracked by fw.logtrack?

Currently the API only supports custom-start and custom-end with ISO8601 format, which isn't very helpful when you want to write code making it impossible to miss a single log or avoid creating duplicates.

Maybe I'm missing something??

PhoneBoy · ‎2022-06-20

The logs API as it exists today is more about pulling specific logs versus streaming, which is what OPSEC LEA does.
Perhaps in the future we will have a different endpoint for streaming the logs beyond using Log Exporter.

Are you a member of CheckMates?

Logs - API