This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Chen_Fenghua
Employee Alumnus
Employee Alumnus
‎2018-08-23 12:40 AM
Jump to solution

How to export all result for the SmartLog query shows

Hi team:

We have one requirement for log export.

SmartLog query shows many entries when scrolling down. We want to export all these entries into one csv file.

But now we only can export about 200 entries even we have near 1300 searched entries.

Logs searched result in SmartConsole

Our SmartTracker only show the currently entries in the fw.log file. Is there any solution for this requirement?

1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin
‎2018-08-23 07:54 AM
Jump to solution

SmartConsole will only export visible log entries.

SmartView will export up to a million entries (even if not visible).

View solution in original post

0 Kudos
14 Replies
Danny
Champion Champion
Champion
‎2018-08-23 01:49 AM
Jump to solution

fwm logexport

sk118002: Cannot export more than 50 records (logs) to Excel CSV in R80.XX

Solution
To export all the required logs, you can:
  • Use the legacy R80 SmartView Tracker application (CPlgv.exe) under folder C:\Program Files (x86)\CheckPoint\SmartConsole\R80\PROGRAM
0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2018-08-23 02:42 AM
Jump to solution

Or change in SVTracker to the older log file and export the events file by file...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Maik
Advisor
‎2018-08-23 05:54 AM
Jump to solution

Hey,

I experienced the same issue a while ago. To be honest, it feels like a bug...

You can circumvent this issue by accessing the SmartView web application (https://mgmt_srv_ip/smartview).

Use the same syntax and export the logs within the web application - now the csv should contain all the logs and not just these that are shown on screen.

Regards,

Maik

0 Kudos
PhoneBoy
Admin
Admin
‎2018-08-23 07:54 AM
Jump to solution

SmartConsole will only export visible log entries.

SmartView will export up to a million entries (even if not visible).

0 Kudos
Mohammed_Omin_B
Contributor
‎2018-09-20 02:06 AM
In response to PhoneBoy
Jump to solution

If we try to export it, its size is just in KBs and empty when we open it. 

G_W_Albrecht
Legend Legend
Legend
‎2018-09-20 04:36 AM
In response to Mohammed_Omin_B
Jump to solution

You did try to export it from SmartView Tracker ? That should work: C:\Program Files (x86)\CheckPoint\SmartConsole\R80.10\PROGRAM\CPlgv.exe

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
Mohammed_Omin_B
Contributor
‎2018-09-20 11:59 PM
In response to G_W_Albrecht
Jump to solution

Dameon Welch AbernathyGünther W. Albrecht

Yep, I tried with it but it is not showing the current logs as well. There is one more limitation in searching with SmartView Tracker that we can't search it for the Inline layer rules as this feature is in R80.x but Tracker is for R77.x. 

Here is the detailed description which might help -

Symptoms:
============
Logs are Missing per rule 

Steps Taken:
============
-Rule wise logs unable to generate the .csv file is getting crash
-While login to Security Policy->Logs->unable to see the logs intermittently.
Getting the error "no logs" .
-Confirmed that when generated log report from Smart View ->logs are missing and also informed that in legacy@@ smart tracker some of the rule logs are missing.
-#cpwd_admin list -all process are UP and running .
-Having enough disk space and memory verified #df -kh and free -m
-Its listening on port 257 verified #netstat -nap | grep 257
-#tcpdump -nnei any host <Firewall IP> and port 257
Firewall is sending logs to Management Server.
-#cpinfo -y all jumbo_take_112 installed on the appliance.
-#watch -d -n 2 "ls -l $FWDIR/log/fw.log" show the logs are storing on Management Server.

0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2018-09-21 02:30 AM
In response to Mohammed_Omin_B
Jump to solution

I would involve TAC here.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
Mohammed_Omin_B
Contributor
‎2018-10-01 12:40 AM
In response to G_W_Albrecht
Jump to solution

Does it have to enable log indexing for it? But I have a limitation of the hardware resources. 

0 Kudos
PhoneBoy
Admin
Admin
‎2018-10-01 07:30 AM
In response to Mohammed_Omin_B
Jump to solution

Assuming the operation involves multiple log files, I would assume so.

staboi
Participant
‎2023-07-18 02:15 AM
In response to PhoneBoy
Jump to solution

Is it possible to export more than 1M logs? like all the logs?

0 Kudos
PhoneBoy
Admin
Admin
‎2023-07-18 01:39 PM
In response to staboi
Jump to solution

To the best of my knowledge, no.

0 Kudos
Sven_Glock
Advisor
‎2018-09-27 02:39 AM
Jump to solution

In the past I escalated a service request to have this feature in R77.30 SC and I was very happy when it was added.

With R80.10 migration I was pretty disappointed when I noticed that this feature was gone again.

From my point of view SmartView can definitivly only be a workaround.

Carsten_Weber
Contributor
‎2020-02-25 04:30 AM
In response to Sven_Glock
Jump to solution

This feature is still not back (20th Feb. 2020).
Even in R77.30 it was working kind of slow...feeling as it could perform much better, but at least it worked.

Who would be able to make all the logentries visible beyond a thousand or so?? Honestly? Tedious! 😐

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events
    Top