We have a distributed Check Point environment with a dedicated Check Point Log Server, and all logs from the Gateway are configured to be sent to the log server. In this case, please confirm where the packet capture logs are sent and what the location of the logs is on the log server.
Because, as per the SK, I was not able to find any files in the specified location on the gateway.
Also verified $FWDIR/log/blob but still no files.
Maybe @TP_Master knows the exact location.
But I know there is also an API for this in the latest R80.40 JHF (and in R80.30 JHF 111+): https://community.checkpoint.com/t5/API-CLI-Discussion-and-Samples/Fetching-PCAP-via-API-in-R80-30-J...
How are you?
Blob directory was not changed from R80.10.
I would like to verify with you:
1. Can you see reports/blobs when you use SmartConsole?
2. What commands did you use to look for the blobs when you connected to the LS? Did you use mcd to make sure the path is changed based on the specific domain?
Thank you @Shay_Hibah for checking on this.
My mistake, I had checked the wrong directory last time. I checked through the CLI this time and was able to find the files in the blob folder.
But the format of the files is different: it's not .cap or .pcap, it's localhost.blob. How can I change the format to .cap or .pcap so that I can view it in Wireshark?
Example:
10.177.0.5__89.248.172.149_maildir_sent_new_time1601352097.mail-2498201990-3937761760.localhost.blob
Thank you in advance