- Products
- Learn
- Local User Groups
- Partners
- More
What's New in R82.10?
Watch HereWhen the Agents Attack
A Live Look at Agentic Exposure Validation
AI Security Masters E8:
Claude Mythos: New Era in Cyber Security
CheckMates Go:
CheckMates Fest
Hi guys!
We were testing filters for the LogExporter tool.
We managed to run some filtering but we have one filter pending, we are trying to filter the sending of firewall status logs, which come from the firewall messages.
We are editing the configuration file, one of the examples we were able to replicate is to send only audit logs but actually we need to disable only the sending of fw messages logs.
In the following way we edit the configuration file to meet the auditing requirement.
log_types>audit</log_types><!--all[default]|log|audit/-->
Can anyone give us some guidance?
That looks like the correct thing to edit (set it to audit instead of all).
If it's not working after restarting Log Exporter, I suggest a TAC case: https://help.checkpoint.com
Hello PhoneBoy.
How are you?
Thank you for your reply.
In case we want to filter only the logs of the firewall messages, do you know how we should edit this configuration file?
In your original post, you said "we need to disable only the sending of fw messages logs."
By sending only audit logs, you are filtering out ALL firewall message logs (as none will be sent).
In this response, you said "we want to filter only the logs of the firewall messages" which is a bit different.
What are your exact requirement(s) here?
Be as specific as possible and include version/JHF of your management.
Hello PhoneBoy.
Previously we had implemented the auditlog filter successfully.
Actually we need to see all the firewall logs, only excluding the fw messages, but we could not achieve it.
The management version is R81.20 and the JHF is take 10.
Thank you.
I don't understand what "fw messages" you are referring to.
Can you provide specific examples, preferably with a full log card (with sensitive details redacted)?
Hi PhoneBoy.
The logs we refer to would be the following based on the following SK: sk144192
So you do NOT want logs that have something in this field?
Maybe something like the following in your <filters> stanza of $EXPORTERDIR/targets/<Name of Log Exporter Configuration>/conf/FilterConfiguration.xml:
<field name="fw_messages" operator="and">
<value operation="eq"></value> </field>
Otherwise, I suggest contacting the TAC: https://help.checkpoint.com
As mentioned in sk122323, filtering works only for Action / Blade / Origin fields. Not sure if it is possible to filter out logs with respect to log messages.
Leaderboard
Epsum factorial non deposit quid pro quo hic escorol.
| User | Count |
|---|---|
| 13 | |
| 12 | |
| 9 | |
| 7 | |
| 4 | |
| 4 | |
| 3 | |
| 3 | |
| 3 | |
| 3 |
Thu 09 Jul 2026 @ 10:00 AM (CEST)
Schutz souveräner Workloads: Check Point & die AWS European Sovereign CloudThu 09 Jul 2026 @ 11:00 AM (CEST)
The Cloud Architects Series: Check Point Edge Protection SD-WAN & SASEThu 09 Jul 2026 @ 11:00 AM (EDT)
Tips and Tricks 2026 #9 - What's New with Check Point Email SecurityFri 10 Jul 2026 @ 11:00 AM (IDT)
CheckMates Live Netherlands - Sessie 48: Nieuwe Check Point Workspace SecurityTue 14 Jul 2026 @ 10:00 AM (PDT)
AI Security Masters E11: READY OR NOT: Securing the AI Enterprise 3/5 - AI Workforce SecurityThu 30 Jul 2026 @ 10:00 AM (PDT)
AI Security Masters E12: READY OR NOT: Securing the AI Enterprise 4/5 - AI GatewayThu 09 Jul 2026 @ 11:00 AM (EDT)
Tips and Tricks 2026 #9 - What's New with Check Point Email SecurityFri 10 Jul 2026 @ 11:00 AM (IDT)
CheckMates Live Netherlands - Sessie 48: Nieuwe Check Point Workspace SecurityTue 14 Jul 2026 @ 10:00 AM (PDT)
AI Security Masters E11: READY OR NOT: Securing the AI Enterprise 3/5 - AI Workforce SecurityThu 30 Jul 2026 @ 10:00 AM (PDT)
AI Security Masters E12: READY OR NOT: Securing the AI Enterprise 4/5 - AI GatewayThu 20 Aug 2026 @ 10:00 AM (PDT)
AI Security Masters E13: READY OR NOT: Securing the AI Ent 5/5 - AI Research & Threat LandscapeAbout CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY