cancel
Showing results for 
Search instead for 
Did you mean: 
Post a Question
Longson_Ho1
Nickel

Firewall Log Archive and Import in R80.10/ R77.30

Is it possible to archive the log in Management Server? (Just as the idea as archive our email from mail server)

Can the log file be exported from the Management Server from time to time (manually), store the log file in other storage (as the size of storage in log server/management server is limited)r

And import the log file and read on SmartConsole when it is needed?

I have tried my own method as ftp the log files in $fwdir/log/   directory.
Seems after export and import the log files the SmartConsole can read the logs again.

But I cannot find this way in official KB.

Is there any official KB or way for this purpose?

Thank you!

2 Replies
Admin
Admin

Re: Firewall Log Archive and Import in R80.10/ R77.30

What you describe is more or less the correct process.

However, if you want the log files to be indexed in SmartEvent, then you need to view the Importing Log Files from SmartEvent Servers section of: Logging and Monitoring R80.10 Administration Guide 

Re: Firewall Log Archive and Import in R80.10/ R77.30

CP logs are not very simple as they consist of different - mostly unreadable -  files, but if you know how, you can backup these logs and transfer to a e.g. different SMS for view, see sk92920 How to open FireWall log (fw.log) from a different Security Management Server in SmartView T.... If you just want to read the cotent of the log files or export them into a readable version, please consult sk39573 How to read a Check Point log file in its native format. If the SMS has not much room for logs, you can also use a syslog server as a secondary log server and copy the FW logs to it in regular intervalls, see sk115392 How to export Check Point logs to a Syslog server using CPLogToSyslog for details!