Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Supporto_Checkp
Collaborator

Log exporter - filter traffic for only for VPN blade

Good morning,

Is it possible, through log exporter, to export only VPN ? If so, how would the command be? (the FilterConfiguration.xml)

Thank you

0 Kudos
10 Replies
Amir_Senn
Employee
Employee

You can run 'filter blade in' as a command in expert mode: cp_log_export set name <name> filter-blade-in "value"

You can follow the Log Exporter SK in the relevant section for filtering for further information:

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

Kind regards, Amir Senn
0 Kudos
Supporto_Checkp
Collaborator

Hi Amir,

the SK only menton "VPN-1 & Firewall-1" that would be "Firewall logs"- i want to filter only VPN logs - how the filter should be?

 

Thnaks 

Best Regards

0 Kudos
Dror_Aharony
Employee Alumnus
Employee Alumnus

Add this to your FilterConfiguration.xml to filter by VPN logs only:

<field name="fw_subproduct" operator="or">
<value operation="eq">VPN-1</value>
</field>

 

file should look like this:

<filters>
<filterGroup operator="and">
<field name="action" operator="and">
</field>
<field name="origin" operator="and">
</field>
<field name="product" operator="and">
</field>
<field name="fw_subproduct" operator="or">
<value operation="eq">VPN-1</value>
</field>
</filterGroup>
</filters>

0 Kudos
Herschel_Liang
Collaborator

If I want to filter AV, IPS and IPSEC VPN, Mobile access VPN, how the filter should be? THX!

0 Kudos
Dror_Aharony
Employee Alumnus
Employee Alumnus

cp_log_export set name <your_name> filter-blade-in "TP,Access,Mobile" and then filter-out using (vim <TargetExporterDir>./conf/FilterConfiguration.xml) the specific blades you're sure you don't need.
Alright?

0 Kudos
Adity12
Collaborator

Does this configuration can i do on R80.20 Take 101? or i should upgraded to latest JHF to get filtering, when i want use Log exporter?

 

Thanks 

0 Kudos
Chris_Atkinson
Employee Employee
Employee

R80.20 JHF Take 103 or above.

CCSM R77/R80/ELITE
0 Kudos
Adity12
Collaborator

So for default configuration this file, there is no filtering right?

i don't see this section <field name="fw_subproduct" operator="or">
<value operation="eq">VPN-1</value>
</field> 

so for default configuration all log will exported right?

0 Kudos
PhoneBoy
Admin
Admin

Yes, everything should be exported by default.

0 Kudos
Adity12
Collaborator

Thanks @PhoneBoy for explanation.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events