Joshua_Boerum
Participant

Logs - API

Are the logs accessible via the API?

-Josh

0 Kudos
1 Solution

Accepted Solutions
Julie_Paul
Employee

Yes, we do today in R80.40 with the latest JHF and with R81. Check out https://sc1.checkpoint.com/documents/latest/APIs/index.html#cli/show-logs~v1.6.1%20


0 Kudos
6 Replies
Uri_Bialik

R80 doesn't have APIs that can read logs.

This is on our to-do list for a future release.

0 Kudos
Rasool_Irfan
Explorer

Does Check Point support an open and standard API to export internal logs and security events to a SIEM?

0 Kudos
PhoneBoy
Admin

A number of third party SIEMs support pulling logs from Check Point management devices.

It is done through the Log Export API (LEA), which is part of the OPSEC SDK.

fw1-loggrabber is an open source tool that pulls logs from Check Point devices.

0 Kudos
Douglas_Rich
Contributor

Will the API ever support grabbing logs by specific position, similar to how it was done with the OPSEC LEA... position as in the epoch value tracked by fw.logtrack? 

Currently the API only supports custom-start and custom-end with ISO8601 format, which isn't very helpful when you want to write code making it impossible to miss a single log or avoid creating duplicates.

Maybe I'm missing something?? 

0 Kudos
PhoneBoy
Admin

The logs API as it exists today is more about pulling specific logs versus streaming, which is what OPSEC LEA does.
Perhaps in the future we will have a different endpoint for streaming the logs beyond using Log Exporter.
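
An added illustration of the gap/duplicate concern discussed in this thread (not code from any poster or from Check Point): when a query accepts only ISO 8601 start and end bounds, a collector can overlap consecutive windows and de-duplicate on a record identifier. The `fetch` callable, the `id`, `time` and `arrived` fields and the sample records are assumptions constructed for the example; no real API is called.

```python
from datetime import datetime, timedelta, timezone

FMT = "%Y-%m-%dT%H:%M:%SZ"  # ISO 8601, UTC; fixed width, so strings sort by time

def iso(ts):
    return ts.strftime(FMT)

def poll_window(fetch, state, now, overlap):
    """Query [last_end - overlap, now]; return only records not yet delivered."""
    start = state["last_end"] - overlap
    fresh = []
    # The two bounds play the role of custom-start / custom-end.
    for rec in fetch(iso(start), iso(now)):
        if rec["id"] in state["seen"]:   # assumption: records carry a unique "id"
            continue
        state["seen"][rec["id"]] = rec["time"]
        fresh.append(rec)
    # Ids older than the next window's start cannot be returned again: drop them
    # so the de-duplication state stays bounded.
    cutoff = iso(now - overlap)
    state["seen"] = {k: t for k, t in state["seen"].items() if t >= cutoff}
    state["last_end"] = now              # checkpoint to persist between runs
    return fresh

def demo(overlap_s=60):
    t0 = datetime(2021, 1, 1, 12, 0, 0, tzinfo=timezone.utc)
    at = lambda s: t0 + timedelta(seconds=s)
    # Constructed records: event time plus the moment the record became queryable.
    store = [
        {"id": "a", "time": iso(at(10)), "arrived": at(11)},
        {"id": "b", "time": iso(at(55)), "arrived": at(90)},   # indexed late
        {"id": "c", "time": iso(at(100)), "arrived": at(101)},
    ]
    clock = {"now": t0}
    def fetch(start, end):               # stand-in for the real time-bounded query
        return [r for r in store
                if start <= r["time"] <= end and r["arrived"] <= clock["now"]]
    state = {"last_end": t0, "seen": {}}
    out = []
    for s in (60, 120, 180):             # three polling cycles, one minute apart
        clock["now"] = at(s)
        batch = poll_window(fetch, state, at(s), timedelta(seconds=overlap_s))
        out.append([r["id"] for r in batch])
    return out, state

if __name__ == "__main__":
    print(demo(60)[0])   # overlapping windows
    print(demo(0)[0])    # back-to-back windows
```

With back-to-back windows the late-indexed record `b` is never delivered; with a 60-second overlap it is picked up once. A record that becomes queryable later than the overlap is still missed, so the overlap has to exceed the worst indexing delay you expect.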
