Philipp_Philipp
Participant

Export logs to CSV

Hello, I need to export logs to CSV for one particular firewall rule, but the system exports only about 50 rows, which I can see on a screen, instead of several thousands in total. We asked support, they told us it is a bug. I also tried SmartView on SmartEvent, but it has a limited amount of columns. Is there a workaround for this issue?

11 Replies
G_W_Albrecht
Legend

It rather is very easy but you need the CLI - sk39573 "How to read a Check Point log file in its native format" shows that fwm logexport -n -p -i <Log File Name> -o <Output File Name> will write into a file something similar to:
 23:55:20 5 N/A  1  encrypt GWR7720 < eth0  LogId: 0; ContextNum: <max_null>; OriginSicName: CN=GWR7720,O=SMS7520.isag.at.puwfph; OriginSicName: CN=GWR7720,O=SMS7520.isag.at.puwfph; HighLevelLogKey: 18446744073709551615; inzone: Local; outzone: External; service_id: tunnel_test; src: GWR7720; dst: GWS76; proto: udp; scheme:: IKE; methods:: ESP: AES-128 + SHA1; peer gateway: GWS76; encryption failure:: ; partner: ; community: MyIntranet; fw_subproduct: VPN-1; vpn_feature_name: VPN; user: ; src_user_name: ; src_machine_name: ; src_user_dn: ; snid: ; dst_user_name: ; dst_machine_name: ; dst_user_dn: ; UP_match_table: TABLE_START; ROW_START: 0; match_id: 0; layer_uuid: 2a629077-642c-45b6-8b09-591babb2b77d; layer_name: newpolicy15 Security; rule_uid: 0E3B6801-8AB0-4b1e-A317-8BE33055FB43; rule_name: Implied Rule ; action: 2; parent_rule: 0; ROW_END: 0; UP_match_table: TABLE_END; ProductName: VPN-1 & FireWall-1; svc: tunnel_test; sport_svc: 53452; ProductFamily: Network;

If you now filter by rulename you have logs for one rule only.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
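
The filtering step suggested above, as an added example that is not part of the original posts and is not Check Point code: it parses lines shaped like the quoted log line, keeps the records for one rule, and writes them to CSV with every field as a column. The line layout is assumed from that single sample, the `time` and `prefix` column names and all function names are hypothetical, and the sample lines are constructed.

```python
import csv
import io

# Constructed sample lines, shaped like the log line quoted above (not real logs).
SAMPLE = [
    "23:55:20 5 N/A  1  encrypt gw-a < eth0  LogId: 0; src: gw-a; dst: gw-b; "
    "methods:: ESP: AES-128 + SHA1; partner: ; rule_name: Implied Rule ; action: 2; ",
    "23:55:21 5 N/A  1  accept gw-a < eth1  LogId: 0; src: 192.0.2.10; "
    "user: =cmd; rule_name: Web Access; action: 2; ",
    "23:55:22 5 N/A  1  encrypt gw-a < eth0  LogId: 0; src: gw-a; "
    "rule_name: Implied Rule ; action: 2; ",
]

def parse_line(line):
    """Split one 'key: value;' line into a dict. Assumes values contain no ';'."""
    segments = [s.strip() for s in line.split(";") if s.strip()]
    if not segments:
        return {}
    # First segment: positional prefix (time, ...) followed by the first key/value.
    head, _, first_val = segments[0].rpartition(": ")
    tokens = head.split()
    if len(tokens) < 2:
        return {}
    rec = {"time": tokens[0], "prefix": " ".join(tokens[1:-1]), tokens[-1]: first_val}
    for seg in segments[1:]:
        key, _, val = seg.partition(":")
        # Some fields print as 'key:: value'; repeated keys keep the last value.
        rec[key.strip()] = val.lstrip(": ").strip()
    return rec

def neutralize(value):
    """Stop spreadsheets evaluating log-supplied text (also quotes negative numbers)."""
    return "'" + value if value[:1] in ("=", "+", "-", "@") else value

def export_rule(lines, rule_name, out):
    """Write every record whose rule_name matches to `out` as CSV; return the count."""
    rows = [r for r in map(parse_line, lines) if r.get("rule_name") == rule_name]
    columns = list(dict.fromkeys(k for r in rows for k in r))  # union, first-seen order
    writer = csv.DictWriter(out, fieldnames=columns, restval="")
    writer.writeheader()
    writer.writerows({k: neutralize(v) for k, v in r.items()} for r in rows)
    return len(rows)

if __name__ == "__main__":
    buf = io.StringIO()
    print(export_rule(SAMPLE, "Implied Rule", buf), "rows")
    print(buf.getvalue())
```

To cover a period that spans several log files, pass the lines of each exported file to `export_rule` in one iterable, for example with `itertools.chain`.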
Kaspars_Zibarts
Employee

If you are on R80 you can use SmartView or old school Tracker (should help with limited columns) 

Cannot export more than 50 records (logs) to Excel in R80 

Philipp_Philipp
Participant

Thanks, we tried these options, but we need all of the columns, plus we need logs for 24 hours and this is more than one log file. Maybe you know when this functionality will start working in the normal way? Maybe in R80.20?

G_W_Albrecht
Legend

Did you already try fwm logexport? This gives all columns and you can export every log file, too!

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
Christian_Degen
Explorer

We stumbled upon this problem too. This is, to say it frankly, rubbish... We have a log server and management server on R80.20 and log export is a pain.

Put some priority in this at least and release a new Smart Console

0 Kudos
PhoneBoy
Admin

Use SmartView to do this, which can export up to a million records to CSV.

https://management-ip/SmartView

Note that Log/Reporting in SmartConsole will ultimately become SmartView.

Christian_Degen
Explorer

Thanks for the hint regarding SmartView. We managed to export the necessary logs this way.

However log export in SmartConsole is clearly broken and it would be nice to get a fixed version. 

0 Kudos
PhoneBoy
Admin

The ultimate "fix" for this issue will be when SmartConsole just uses SmartView.

This is planned for later releases.

0 Kudos
Alex_Menendez
Explorer

Any way to disable name resolution on the logs from SmartView??

0 Kudos
Torsten_Schucho
Explorer

The /smartview/ part of the URL is case sensitive.

0 Kudos
Torsten_Schucho
Explorer

https://management-ip/smartview

/smartview is case sensitive.

0 Kudos
