[Issue] R80.10 SmartConsole: Export Logs to CSV

Hi,

In SmartConsole, I want to export logs to CSV for some period. (For example, 30 days)

I applied the filter (30 days) and exported it to a CSV file.

However, the log of 30 days was not exported and only a part was exported.

1 Solution

Accepted Solutions
Highlighted
Admin

It will only export the records currently visible.

This is a known limitation that I believe is planned to be addressed in future releases.

SmartView (available at https://management-ip/smartview) will export up to a million records if I recall.

Highlighted

Thanks for your update. 

When will this limitation be resolved? Will it be resolved in the next version? (Such as R80.20 or R80.30)

Highlighted
Employee+

Sure, it is in our roadmap and will be added in future versions.

Highlighted
Admin

Exact release target has not been finalized.

0 Kudos
Highlighted

I would like to export firewall logs, the Web based SmartView (available at https://management-ip/smartview) does not show the access rule name or number. Is there a way to add these?

0 Kudos
Highlighted
Admin

As far as I know there is not, at least in the Log view.

In the reports view, it's possible to create a report that includes the Rule Name.

For me, at least, was not showing the Rule Name.

Highlighted

Thanks Dameon,

Is Reports view something that needs to be enabled? I seem to only have "Open Log View" and "Open Audit Log View".

0 Kudos
Highlighted
Admin

Click on the plus (far right tab).

From here, you can create a New View:

Specify category Access Control:

Then you can add a widget using the screenshot I showed earlier.

Highlighted
Pearl

I believe this requires SmartEvent blade and license to function as depicted, else you'll see only the Log View and Audit Log View options.

Can you tell me what befell those who had SmartReporter licence and blade active in R77 after upgrade to R80.10?

0 Kudos
Highlighted
Admin

SmartReporter doesn't exist in R80+.

If you only have a license for this and you haven't yet traded in for SmartEvent, you will need to work with your Check Point rep/partner to trade in for a SmartEvent license. 

0 Kudos
Highlighted

No need for a SmartEvent license to export logs.

Highlighted
How to export those files from the management server?
0 Kudos
Highlighted
Iron

Hi, Phone Boy,

How about this issue now? Is it resolved?

Thanks!

0 Kudos
Highlighted
Admin
I'm not sure what you're asking about.
Please create a new thread that fully states what you have a question about, relevant versions, screenshots, etc.
0 Kudos
Highlighted
Iron
Sorry PhoneBoy,
I just mean the limit of SmartConsole when exporting logs: it can only export visible logs. Now, in R80.30, I still see the same. Thanks!
0 Kudos
Highlighted
Employee+

Hi,

From R80.20 and above you can export up to 1 million logs. You can do it using the SmartView webapp.

From any server with a logging module (SMS/MDS, Log Server, SmartEvent) just surf to https://<server-IP>/smartview

Log in with the same credentials. Go to the logs view -> Options -> Export -> Export to Excel.

Kind regards, Amir Senn
0 Kudos
Highlighted

Hey Checkpoint,

Is there already a hotfix for this annoying bug available? 

The workaround is not a workable solution for policy cleanup!

We used to work with a mgmt station in R80 and migrated last week to MGMT R80.10.

Kr,

Fabio

0 Kudos
Highlighted
Admin

As far as I know, this limitation still exists and does not have an immediate fix.

It is expected to be addressed in a later release, as noted elsewhere in this thread.

0 Kudos
Highlighted

What bug?

You can export through https://management-ip/smartview

Highlighted

I'm not sure if you call it a bug or non-feature. But this doesn't work the way most security engineers expect it to. (I have been through CP support on this). SmartView only reports on what CP has decided is a security event or incident. So when it calculates bandwidth or logs or the like it is only these.

For instance I wanted to be able to report all access (Accept or Drops) to the NTP service. Even though we log each of these, and those logs are sent to the SmartEvent server, SmartView isn't interested in reporting these.

I am interested though, as the security gateway clearly is logging these, and being at the centre of the network, is the most obvious point to instrument from. Very frustrating particularly as we went to the effort of justifying the additional CP licence for this on the basis of the visualisation it could give us.

Highlighted
Admin

The following thread is probably relevant to the conversation:

Re: Creating reports with tracking "per connection"

0 Kudos
Highlighted

Thanks Dameon,

It looks relevant, but still doesn't address why the SmartView tool simply misrepresents the operating state of the system. We have been logging pretty much everything that passes through our security gateway (from when it was greenfield 6 months ago, and as we migrated the legacy workloads into the new datacenter environment). We did this so we could analyse the state of the environment to help us close the loop and the security policy and the overall network state of the environment. If the suggestion is to add "Session" logging to everything, well and good, but why isn't this the default (or at least a suggestion) when the SmartEvent server is deployed.

It just is ludicrous when we have thousands of NTP logs per hour, yet running SmartView to report on NTP gives nada. It's just not sane defaults.

0 Kudos
Highlighted
Admin

From my R80.20.M1 system, this seems to be working as expected.

Even in older releases, I would expect this to work.

You may want to engage the TAC for further troubleshooting.


0 Kudos
Highlighted
Copper

Hi All,

Does anyone know if this "bug" is actually solved or if there is any kind of dedicated fix for R80.10 or included in a specific SmartConsole package?

Bye and thanks

Diz

Highlighted
Admin
As far as I know there is no SmartConsole fix for this.
In future versions, SmartView will replace what's in SmartConsole.
You can access SmartView with a web browser: https://mgmt-ip/smartview
0 Kudos
Highlighted
Iron

or replace IP with hostname: 
https://mgmt-hostname/smartview

0 Kudos
Highlighted
Is there a way to disable resolution in SmartView for the export??
0 Kudos
Highlighted

I wrote the following Python script that you run on management. It will request a start and end date (can be just 1 day) and a name for an archive file. It will go through and export all logs in the given range (without name/port resolution) into /var/log/tmp and then create a tarball under the same based on the archive name provided. Once launched you can do the following:

1. Run the program you want to run: <python script name>
2. Hit Ctrl+Z
3. Type: disown -h %(job number displayed in "Stopped" message of Ctrl+Z)
4. Type: bg 1 (job number displayed in "Stopped" message of Ctrl+Z)
5. Log out

Note: you must log out - you can log back in and monitor the job using 'ps aux | grep fwm', which should show which log file is currently being processed; however, if you stay logged in the job will finish prematurely.

Takes roughly 15 to 20 minutes per 2 GB log file.

```python
#!/usr/bin/python3

import datetime
import fnmatch
import glob
import os
import subprocess
import time

# Set static variables
path = os.environ["FWDIR"]        # Check Point installation directory
out_dir = "/var/log/tmp"          # exported text files and the tarball go here
timestr = time.strftime("%Y-%m-%d")

# Get begin date
date_entry = input('Enter first date in range YYYY-MM-DD format: ')
year, month, day = map(int, date_entry.split('-'))
Startdate = datetime.date(year, month, day)

# Get end date
date_entry = input('Enter last date in range YYYY-MM-DD format: ')
year, month, day = map(int, date_entry.split('-'))
Enddate = datetime.date(year, month, day)

# Filename for tarball
archive = input('Please enter name for tarball: ')

# Step through the range one day at a time
delta = datetime.timedelta(days=1)

# Process log files
while Startdate <= Enddate:
    # Names chosen so they do not shadow the built-in range() or datetime.date
    pattern = f'{Startdate.strftime("%Y-%m-%d")}*.log'
    for file in os.listdir(os.path.join(path, 'log')):
        if fnmatch.fnmatch(file, pattern):
            # -n / -p: no name or port resolution. Arguments are passed as a
            # list, so file names are never interpreted by a shell.
            subprocess.call(['fwm', 'logexport', '-n', '-p', '-i', file,
                             '-o', f'{out_dir}/{file}.txt'])
    Startdate += delta

# Create tarball of exported logs
print("All log files processed")
print("zipping up logs")
# glob expands *.txt here because no shell is involved
subprocess.call(['tar', '-cvzf', f'{out_dir}/{archive}-{timestr}.tgz']
                + glob.glob(f'{out_dir}/*.txt'))
print("tarball completed")
```

0 Kudos
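The text files the script above leaves in /var/log/tmp still have to be turned into the CSV the thread asks for, and narrowed to one service such as the NTP traffic discussed earlier. The following is an added example, not part of the original post: it assumes the export is semicolon-delimited with a header row and has columns named action, src, dst, proto and service (hypothetical names to check against your own export), and the sample data is constructed.

```python
import csv
import io
from collections import Counter

# Constructed sample in the shape ASSUMED for `fwm logexport -n -p` output:
# semicolon-delimited, header row first, ports numeric because of -p.
SAMPLE_EXPORT = """num;date;time;action;src;dst;proto;service
0;1Jun2020;10:00:01;accept;10.0.0.5;192.0.2.10;udp;123
1;1Jun2020;10:00:02;drop;10.0.0.9;192.0.2.10;udp;123
2;1Jun2020;10:00:03;accept;10.0.0.5;198.51.100.7;tcp;443
3;1Jun2020;10:00:04;accept;10.0.0.7;192.0.2.10;udp;123
4;1Jun2020;10:00:05;drop;10.0.0.9;192.0.2.10;udp
"""

def filter_service(lines, proto, port, delimiter=";"):
    """Yield records (as dicts) whose proto/service match, from exported lines."""
    for row in csv.DictReader(lines, delimiter=delimiter):
        # Truncated records come back with None for the missing columns,
        # so they simply fail the comparison instead of raising.
        if row.get("proto") == proto and row.get("service") == str(port):
            yield row

def summarize(rows):
    """Count matching records per (action, source address)."""
    return Counter((r["action"], r["src"]) for r in rows)

def to_csv(rows, columns):
    """Return the selected columns as comma-separated CSV text."""
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=columns,
                            extrasaction="ignore", lineterminator="\n")
    writer.writeheader()
    writer.writerows(rows)
    return out.getvalue()

if __name__ == "__main__":
    # For a real file: filter_service(open(path, newline=""), "udp", 123)
    ntp = list(filter_service(io.StringIO(SAMPLE_EXPORT), "udp", 123))
    for (action, src), count in sorted(summarize(ntp).items()):
        print(f"{action:6} {src:12} {count}")
    print(to_csv(ntp, ["date", "time", "action", "src", "dst", "service"]))
```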