This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
HeikoAnkenbrand
Champion
Champion
‎2020-09-17 11:28 PM

iketool

 

I have been wondering for years what you can I do with the iketool. To me this looks like an ike.elg logfile parser similar to ikeview.

/opt/CPsuite-R80.40/fw1/bin/iketool
iketool.JPG

I have tried the following and only get the following message:
# iketool -f /opt/CPsuite-R80.40/fw1/log/ike.elg -v
Unrecognized file format

When I search for iketool in the KB I don't find anything!

PS:
An ike parser on the gateway would be a dream for me. Then you don't have to copy the files via winscp and analyze them with ikeview.

2 Replies
Danny
Champion
Champion
‎2020-09-17 11:55 PM

strings iketool shows:

##### END PACKET DEBUG #####
Check Point SecuRemote / SecureClient
NG with Application Intelligence R54
NG with Application Intelligence R55 or above
NG With Application Intelligence post-R55
Support for Microsoft NAT traversal
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Usage:
iketool -f file [OPTIONS]...
 -f file           the file to parse
 -b                shows a summary of the log (does not work with -s)
 -h                display this help and exit
 -i cookie 		filter by init cookie, unspaced
 -v                prints a more detailed output
 -p IP             filter by ip
 -s                start in stream mode

Version String=NGX
Interface Version=0
Company Name=Check Point Software Technologies LTD.
Legal Copyright=(c) 2005-2009 Copyright Check Point Software Technologies Ltd
Internal Name=iketool

So this looks like an ancient ike.elg viewer back from the NGX days.

However, opening ike.elg files in vi shows that they are already pretty much readable.
Some BASH magic to pretty format their content and VPN could be easily debugged at CLI.

In case you are signed up to Check Points TAC Academy Training next week on this topic you could also ask there about iketool.
Sep 23-24 2020 9:30 – 14:30 GMT+3 VPN Concepts and Troubleshooting
Timothy_Hall
Champion
Champion
‎2022-01-28 06:54 AM

As a followup iketool seems to work for me on R80.40 vanilla at least with IKEv1 ike.elg files (see screenshot); I don't have a ikev2.xmll file handy to test with IKEv2 though.

iketool.png

New 2021 IPS/AV/ABOT Immersion Self-Guided Video Series
now available at http://www.maxpowerfirewalls.com
0 Kudos
Labels