This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Joshua_Boerum
Participant
‎2016-07-12 01:15 PM
Jump to solution

Logs - API

Are the logs accessible via the API?

-Josh

0 Kudos
1 Solution

Accepted Solutions
Julie_Paul
Employee
Employee
‎2020-10-27 06:57 AM
Jump to solution

Yes we do today in R80.40 with latest JHF and with R81.    Check out  https://sc1.checkpoint.com/documents/latest/APIs/index.html#cli/show-logs~v1.6.1%20

View solution in original post

0 Kudos
6 Replies
Uri_Bialik
Mod
Mod
‎2016-07-13 12:58 PM
Jump to solution

R80 does doesn't have APIs that can read logs.

This is on our to-do list for a future release.

0 Kudos
Rasool_Irfan
Explorer
‎2017-05-26 12:57 AM
Jump to solution

Does checkpoint support open and standard API to export internal logs and security events to SIEM

0 Kudos
PhoneBoy
Admin
Admin
‎2017-05-26 08:19 AM
In response to Rasool_Irfan
Jump to solution

A number of third party SIEMs support pulling logs from Check Point management devices.

It is done through the Log Export API (LEA), which is part of the OPSEC SDK​​.

fw1-loggrabber​ is an open source tool that pulls logs from Check Point devices.

0 Kudos
Julie_Paul
Employee
Employee
‎2020-10-27 06:57 AM
Jump to solution

Yes we do today in R80.40 with latest JHF and with R81.    Check out  https://sc1.checkpoint.com/documents/latest/APIs/index.html#cli/show-logs~v1.6.1%20

0 Kudos
Douglas_Rich
Contributor
‎2022-06-20 03:27 PM
In response to Julie_Paul
Jump to solution

Will the API ever support grabbing logs by specific position, similar to how it was done with the OPSEC LEA... position as in the epoch value tracked by fw.logtrack? 

Currently the API only supports custom-start and custom-end  with ISO8601 format, which isn't very helpful when you want to write code making it impossible to miss a single log or avoid creating duplicates. 

Maybe I'm missing something?? 

0 Kudos
PhoneBoy
Admin
Admin
‎2022-06-20 06:44 PM
In response to Douglas_Rich
Jump to solution

The logs API as it exists today is more about pulling specific logs versus streaming, which is what OPSEC LEA does.
Perhaps in the future we will have a different endpoint for streaming the logs beyond using Log Exporter.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events