cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post

Export logs to CSV

Hello, I need to export logs to CSV for one particular firewall rule, but system exports only about 50 rows, which I can see on a screen, instead of several thousands in total. We asked support, they told it is a bug. I akso tried Smartview on Smartevent, but it has a limited amount of columns. Is there a workarounf for this issue?

8 Replies

Re: Export logs to CSV

It rather is very easy but you need the CLI - sk39573 How to read a Check Point log file in its native format shows that fwm logexport -n -p -i <Log File Name> -o <Output File Name> will write into a file something  similar to:
 23:55:20 5 N/A  1  encrypt GWR7720 < eth0  LogId: 0; ContextNum: <max_null>; OriginSicName: CN=GWR7720,O=SMS7520.isag.at.puwfph; OriginSicName: CN=GWR7720,O=SMS7520.isag.at.puwfph; HighLevelLogKey: 18446744073709551615; inzone: Local; outzone: External; service_id: tunnel_test; src: GWR7720; dst: GWS76; proto: udp; scheme:: IKE; methods:: ESP: AES-128 + SHA1; peer gateway: GWS76; encryption failure:: ; partner: ; community: MyIntranet; fw_subproduct: VPN-1; vpn_feature_name: VPN; user: ; src_user_name: ; src_machine_name: ; src_user_dn: ; snid: ; dst_user_name: ; dst_machine_name: ; dst_user_dn: ; UP_match_table: TABLE_START; ROW_START: 0; match_id: 0; layer_uuid: 2a629077-642c-45b6-8b09-591babb2b77d; layer_name: newpolicy15 Security; rule_uid: 0E3B6801-8AB0-4b1e-A317-8BE33055FB43; rule_name: Implied Rule ; action: 2; parent_rule: 0; ROW_END: 0; UP_match_table: TABLE_END; ProductName: VPN-1 & FireWall-1; svc: tunnel_test; sport_svc: 53452; ProductFamily: Network;

If you now filter by rulename you have logs for one rule only.

Re: Export logs to CSV

If you are on R80 you can use SmartView or old school Tracker (should help with limited columns) 

Cannot export more than 50 records (logs) to Excel in R80 

Re: Export logs to CSV

Thanks, we tried these options, but we need all amount of columns, plus we need logs for 24 hours and this is more than one log file. Maybe you know when this functionality will start working in normal way? Maybe in R80.20?

Re: Export logs to CSV

Did you already try fwm logexport ? This gives all columns and you can export everx log file, too !

Re: Export logs to CSV

We stumbled upon this problem too. This is to say it frank rubbish... We have a log server and management server on R80.20 and log export is a pain. 

Put some priority in this at least and release a new Smart Console

0 Kudos
Admin
Admin

Re: Export logs to CSV

Use SmartView to do this, which can export up to a million records to CSV.

https://management-ip/SmartView

Note that Log/Reporting in SmartConsole will ultimately become SmartView.

Re: Export logs to CSV

Thanks for the hint regarding SmartView.  We managed to export the necessary logs this way. 

However log export in SmartConsole is clearly broken and it would be nice to get a fixed version. 

0 Kudos
Admin
Admin

Re: Export logs to CSV

The ultimate "fix" for this issue will be when SmartConsole just uses SmartView.

This is planned for later releases.

0 Kudos