Joshua_Boerum
Participant

Logs - API

Are the logs accessible via the API?

-Josh

1 Solution

Accepted Solutions
Julie_Paul
Employee
6 Replies

R80 doesn't have APIs that can read logs.

This is on our to-do list for a future release.

Rasool_Irfan
Explorer

Does Check Point support an open and standard API to export internal logs and security events to a SIEM?

PhoneBoy
Admin

A number of third party SIEMs support pulling logs from Check Point management devices.

It is done through the Log Export API (LEA), which is part of the OPSEC SDK.

fw1-loggrabber is an open source tool that pulls logs from Check Point devices.

Julie_Paul
Employee

Yes, we do today in R80.40 with the latest JHF and with R81. Check out https://sc1.checkpoint.com/documents/latest/APIs/index.html#cli/show-logs~v1.6.1%20

Douglas_Rich
Contributor

Will the API ever support grabbing logs by specific position, similar to how it was done with the OPSEC LEA... position as in the epoch value tracked by fw.logtrack? 

Currently the API only supports custom-start and custom-end with ISO8601 format, which isn't very helpful when you want to write code making it impossible to miss a single log or avoid creating duplicates.

Maybe I'm missing something?? 

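One way to work with a time-window-only query such as the custom-start/custom-end pair mentioned above, as an added example that is not part of the original thread or Check Point's code: re-query a short overlap behind the previous window and de-duplicate on a log identifier. The `fetch` callable, the `id` and `time` field names, and the sample records are assumptions standing in for the real API call and its response.

```python
from datetime import datetime, timedelta

FMT = "%Y-%m-%dT%H:%M:%SZ"  # ISO 8601 timestamps for the window bounds

def ts(s):
    return datetime.strptime(s, FMT)

class WindowedPuller:
    """Pull logs by time window; overlap catches late records, `seen` drops repeats."""
    def __init__(self, fetch, start, overlap):
        self.fetch, self.cursor, self.overlap = fetch, start, overlap
        self.seen = {}  # log id -> event time, kept only while a repeat is possible

    def poll(self, now):
        start = self.cursor - self.overlap  # reach back behind the last window
        fresh = []
        for rec in self.fetch(start.strftime(FMT), now.strftime(FMT)):
            if rec["id"] not in self.seen:
                self.seen[rec["id"]] = ts(rec["time"])
                fresh.append(rec["id"])
        # Ids older than the next window's start can never be returned again.
        floor = now - self.overlap
        self.seen = {i: t for i, t in self.seen.items() if t >= floor}
        self.cursor = now
        return fresh

# Constructed sample: (id, event time, time the record became queryable).
STORE = [
    ("a", "2021-01-01T12:00:05Z", "2021-01-01T12:00:06Z"),
    ("b", "2021-01-01T12:00:50Z", "2021-01-01T12:01:20Z"),  # indexed late
    ("c", "2021-01-01T12:01:10Z", "2021-01-01T12:01:11Z"),
    ("d", "2021-01-01T12:01:45Z", "2021-01-01T12:01:46Z"),
]

def run(overlap_seconds):
    clock = {}
    def fetch(start, end):  # hypothetical stand-in for the real log query
        return [{"id": i, "time": t} for i, t, vis in STORE
                if ts(start) <= ts(t) <= ts(end) and ts(vis) <= clock["now"]]
    puller = WindowedPuller(fetch, ts("2021-01-01T12:00:00Z"),
                            timedelta(seconds=overlap_seconds))
    out = []
    for now in ("2021-01-01T12:01:00Z", "2021-01-01T12:02:00Z", "2021-01-01T12:03:00Z"):
        clock["now"] = ts(now)
        out.append(puller.poll(clock["now"]))
    return out

if __name__ == "__main__":
    print(run(30))  # overlap recovers "b" and suppresses the repeat of "d"
    print(run(0))   # back-to-back windows never see "b"
```

The overlap has to be at least as long as the worst-case delay between an event's timestamp and the moment it becomes queryable; that delay is deployment-specific and is assumed to be under 30 seconds in the sample data.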
PhoneBoy
Admin

The logs API as it exists today is more about pulling specific logs versus streaming, which is what OPSEC LEA does.
Perhaps in the future we will have a different endpoint for streaming the logs beyond using Log Exporter.