This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Philipp_Philipp
Participant
‎2018-03-28 10:47 PM

Export logs to CSV

Hello, I need to export logs to CSV for one particular firewall rule, but system exports only about 50 rows, which I can see on a screen, instead of several thousands in total. We asked support, they told it is a bug. I akso tried Smartview on Smartevent, but it has a limited amount of columns. Is there a workarounf for this issue?

11 Replies
G_W_Albrecht
Legend Legend
Legend
‎2018-03-29 12:22 AM

It rather is very easy but you need the CLI - sk39573 How to read a Check Point log file in its native format shows that fwm logexport -n -p -i <Log File Name> -o <Output File Name> will write into a file something  similar to:
 23:55:20 5 N/A  1  encrypt GWR7720 < eth0  LogId: 0; ContextNum: <max_null>; OriginSicName: CN=GWR7720,O=SMS7520.isag.at.puwfph; OriginSicName: CN=GWR7720,O=SMS7520.isag.at.puwfph; HighLevelLogKey: 18446744073709551615; inzone: Local; outzone: External; service_id: tunnel_test; src: GWR7720; dst: GWS76; proto: udp; scheme:: IKE; methods:: ESP: AES-128 + SHA1; peer gateway: GWS76; encryption failure:: ; partner: ; community: MyIntranet; fw_subproduct: VPN-1; vpn_feature_name: VPN; user: ; src_user_name: ; src_machine_name: ; src_user_dn: ; snid: ; dst_user_name: ; dst_machine_name: ; dst_user_dn: ; UP_match_table: TABLE_START; ROW_START: 0; match_id: 0; layer_uuid: 2a629077-642c-45b6-8b09-591babb2b77d; layer_name: newpolicy15 Security; rule_uid: 0E3B6801-8AB0-4b1e-A317-8BE33055FB43; rule_name: Implied Rule ; action: 2; parent_rule: 0; ROW_END: 0; UP_match_table: TABLE_END; ProductName: VPN-1 & FireWall-1; svc: tunnel_test; sport_svc: 53452; ProductFamily: Network;

If you now filter by rulename you have logs for one rule only.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
Kaspars_Zibarts
Employee Employee
Employee
‎2018-03-29 02:50 AM

If you are on R80 you can use SmartView or old school Tracker (should help with limited columns) 

Cannot export more than 50 records (logs) to Excel in R80 

Philipp_Philipp
Participant
‎2018-04-05 10:56 PM
In response to Kaspars_Zibarts

Thanks, we tried these options, but we need all amount of columns, plus we need logs for 24 hours and this is more than one log file. Maybe you know when this functionality will start working in normal way? Maybe in R80.20?

G_W_Albrecht
Legend Legend
Legend
‎2018-04-10 05:09 AM
In response to Philipp_Philipp

Did you already try fwm logexport ? This gives all columns and you can export everx log file, too !

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
Christian_Degen
Explorer
‎2018-08-29 07:12 AM

We stumbled upon this problem too. This is to say it frank rubbish... We have a log server and management server on R80.20 and log export is a pain. 

Put some priority in this at least and release a new Smart Console

0 Kudos
PhoneBoy
Admin
Admin
‎2018-08-29 04:27 PM

Use SmartView to do this, which can export up to a million records to CSV.

https://management-ip/SmartView

Note that Log/Reporting in SmartConsole will ultimately become SmartView.

Christian_Degen
Explorer
‎2018-08-30 01:02 AM
In response to PhoneBoy

Thanks for the hint regarding SmartView.  We managed to export the necessary logs this way. 

However log export in SmartConsole is clearly broken and it would be nice to get a fixed version. 

0 Kudos
PhoneBoy
Admin
Admin
‎2018-08-30 08:40 AM
In response to Christian_Degen

The ultimate "fix" for this issue will be when SmartConsole just uses SmartView.

This is planned for later releases.

0 Kudos
Alex_Menendez
Explorer
‎2019-09-16 01:41 PM
In response to PhoneBoy

Any way to disable name resolution on the logs from SmartView??

0 Kudos
Torsten_Schucho
Explorer
‎2022-07-13 03:15 AM
In response to PhoneBoy

The /smartview/ part of the URL is case sensitive.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events
    Top