Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Chen_Fenghua
Employee Alumnus
Employee Alumnus
Jump to solution

How to export all result for the SmartLog query shows

Hi team:

We have one requirement for log export.

SmartLog query shows many entries when scrolling down. We want to export all these entries into one csv file.

But now we only can export about 200 entries even we have near 1300 searched entries.

Logs searched result in SmartConsole

Our SmartTracker only show the currently entries in the fw.log file. Is there any solution for this requirement?

1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin

SmartConsole will only export visible log entries.

SmartView will export up to a million entries (even if not visible).

View solution in original post

0 Kudos
14 Replies
Danny
Champion Champion
Champion

fwm logexport

sk118002: Cannot export more than 50 records (logs) to Excel CSV in R80.XX

Solution
To export all the required logs, you can:
  • Use the legacy R80 SmartView Tracker application (CPlgv.exe) under folder C:\Program Files (x86)\CheckPoint\SmartConsole\R80\PROGRAM
0 Kudos
G_W_Albrecht
Legend
Legend

Or change in SVTracker to the older log file and export the events file by file...

CCSE CCTE CCSM SMB Specialist
0 Kudos
Maik
Advisor

Hey,

I experienced the same issue a while ago. To be honest, it feels like a bug...

You can circumvent this issue by accessing the SmartView web application (https://mgmt_srv_ip/smartview).

Use the same syntax and export the logs within the web application - now the csv should contain all the logs and not just these that are shown on screen.

Regards,

Maik

0 Kudos
PhoneBoy
Admin
Admin

SmartConsole will only export visible log entries.

SmartView will export up to a million entries (even if not visible).

0 Kudos
Mohammed_Omin_B
Contributor

If we try to export it, its size is just in KBs and empty when we open it. 

G_W_Albrecht
Legend
Legend

You did try to export it from SmartView Tracker ? That should work: C:\Program Files (x86)\CheckPoint\SmartConsole\R80.10\PROGRAM\CPlgv.exe

CCSE CCTE CCSM SMB Specialist
Mohammed_Omin_B
Contributor

Dameon Welch AbernathyGünther W. Albrecht

Yep, I tried with it but it is not showing the current logs as well. There is one more limitation in searching with SmartView Tracker that we can't search it for the Inline layer rules as this feature is in R80.x but Tracker is for R77.x. 

Here is the detailed description which might help -

Symptoms:
============
Logs are Missing per rule 

Steps Taken:
============
-Rule wise logs unable to generate the .csv file is getting crash
-While login to Security Policy->Logs->unable to see the logs intermittently.
Getting the error "no logs" .
-Confirmed that when generated log report from Smart View ->logs are missing and also informed that in legacy@@ smart tracker some of the rule logs are missing.
-#cpwd_admin list -all process are UP and running .
-Having enough disk space and memory verified #df -kh and free -m
-Its listening on port 257 verified #netstat -nap | grep 257
-#tcpdump -nnei any host <Firewall IP> and port 257
Firewall is sending logs to Management Server.
-#cpinfo -y all jumbo_take_112 installed on the appliance.
-#watch -d -n 2 "ls -l $FWDIR/log/fw.log" show the logs are storing on Management Server.

0 Kudos
G_W_Albrecht
Legend
Legend

I would involve TAC here.

CCSE CCTE CCSM SMB Specialist
Mohammed_Omin_B
Contributor

Does it have to enable log indexing for it? But I have a limitation of the hardware resources. 

0 Kudos
PhoneBoy
Admin
Admin

Assuming the operation involves multiple log files, I would assume so.

staboi
Participant

Is it possible to export more than 1M logs? like all the logs?

0 Kudos
PhoneBoy
Admin
Admin

To the best of my knowledge, no.

0 Kudos
Sven_Glock
Advisor

In the past I escalated a service request to have this feature in R77.30 SC and I was very happy when it was added.

With R80.10 migration I was pretty disappointed when I noticed that this feature was gone again.

From my point of view SmartView can definitivly only be a workaround.

Carsten_Weber
Contributor

This feature is still not back (20th Feb. 2020).
Even in R77.30 it was working kind of slow...feeling as it could perform much better, but at least it worked.

Who would be able to make all the logentries visible beyond a thousand or so?? Honestly? Tedious! 😐

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events