This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have one, create one now for free!
Joshua_Boerum
Participant
‎2016-07-12 01:15 PM

Logs - API

Jump to solution

Are the logs accessible via the API?

-Josh

0 Kudos
1 Solution

Accepted Solutions
Julie_Paul
Employee
Employee
‎2020-10-27 06:57 AM

Jump to solution

Yes we do today in R80.40 with latest JHF and with R81.    Check out  https://sc1.checkpoint.com/documents/latest/APIs/index.html#cli/show-logs~v1.6.1%20

View solution in original post

0 Kudos
6 Replies
Uri_Bialik
Mod
Mod
‎2016-07-13 12:58 PM

Jump to solution

R80 does doesn't have APIs that can read logs.

This is on our to-do list for a future release.

0 Kudos
Rasool_Irfan
Explorer
‎2017-05-26 12:57 AM

Jump to solution

Does checkpoint support open and standard API to export internal logs and security events to SIEM

0 Kudos
PhoneBoy
Admin
Admin
‎2017-05-26 08:19 AM
In response to Rasool_Irfan

Jump to solution

A number of third party SIEMs support pulling logs from Check Point management devices.

It is done through the Log Export API (LEA), which is part of the OPSEC SDK​​.

fw1-loggrabber​ is an open source tool that pulls logs from Check Point devices.

0 Kudos
Julie_Paul
Employee
Employee
‎2020-10-27 06:57 AM

Jump to solution

Yes we do today in R80.40 with latest JHF and with R81.    Check out  https://sc1.checkpoint.com/documents/latest/APIs/index.html#cli/show-logs~v1.6.1%20

0 Kudos
Douglas_Rich
Contributor
Monday
In response to Julie_Paul

Jump to solution

Will the API ever support grabbing logs by specific position, similar to how it was done with the OPSEC LEA... position as in the epoch value tracked by fw.logtrack? 

Currently the API only supports custom-start and custom-end  with ISO8601 format, which isn't very helpful when you want to write code making it impossible to miss a single log or avoid creating duplicates. 

Maybe I'm missing something?? 

0 Kudos
PhoneBoy
Admin
Admin
Monday
In response to Douglas_Rich

Jump to solution

The logs API as it exists today is more about pulling specific logs versus streaming, which is what OPSEC LEA does.
Perhaps in the future we will have a different endpoint for streaming the logs beyond using Log Exporter.

0 Kudos