If you'd only like to exclude FW connections, then you may be able to use the other filter-out connections option, instead of the filtering options - see #1 option:
#1. Only filtering out the FW connections may be simpler & good enough for you.
Go to relevant exporter: cd $EXPORTERDIR/targets/<deployment_name>.
Backup file: cp targetConfiguration.xml{,.Orig}
Edit: vim targetConfiguration.xml
Change false to true.
<filter filter_out_by_connection="true">
save & restart: cp_log_export restart <name>
#2. You could also set filter-blade-in "TP" for all threat prevention blades, but that won't include "Application Control" & other access blades, so add a few more blades like APPI & URL-F & more...
filter-blade-in "TP,"Application Control","URL Filtering""
Add all these access blades as well, comma (,) separated, as I've shown here & in the sk (FilterConfiguration).
<value operation="eq">Application Control</value>
<value operation="eq">URL Filtering</value>
<value operation="eq">Content Awareness</value>
<value operation="eq">Connectra</value>
<value operation="eq">Mobile Access</value>
<value operation="eq">Compliance blade</value>
<value operation="eq">Core</value>
<value operation="eq">DDoS Protector</value>
<value operation="eq">Identity Awareness</value>
<value operation="eq">Identity Logging</value>
<value operation="eq">UA WebAccess</value>
save & restart: cp_log_export restart <name>
from the log-exporter sk (relevant section here)
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...)
Filter out firewall connections Parameters
The Log Exporter solution supports several filtering options, as detailed in the section above. In this section, we will go over each option.
Filters logs based on blade
In the current release, we have a limited blade related filtering. This functionality will be expanded upon in future releases.
You can filter out firewall connection logs ('Firewall-1 & VPN-1', 'HTTPS Inspection' and 'Security Gateway/Management').
| Parameter | Description | Possible/Default Values |
| --- | --- | --- |
| <filter filter_out_by_connection="false"> | Determines if the Access logs should be filtered out. When set to 'true' VPN-1 & Firewall-1 connection logs will be filtered out. Note: No other blade filters are currently supported. This will be expanded upon in future releases. | true / false |
Note: Firewall session logs will still be exported (generated by tracking a firewall rule per Session).
Limitation: HTTPS inspection logs, Non-rulebase generated Firewall logs & a few Firewall NAT update logs will still be exported.
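
The backup-and-edit steps from option #1 above can be wrapped in a shell function that keeps the original backup across re-runs and refuses to touch a file that lacks the attribute. This is an added example, not part of the original post or Check Point's tooling; the function name `enable_fw_conn_filter` is hypothetical, and it assumes the attribute appears exactly as quoted in the post.

```shell
# Added example (hypothetical helper): set filter_out_by_connection="true"
# in a Log Exporter targetConfiguration.xml, following option #1 above.
# Usage: enable_fw_conn_filter "$EXPORTERDIR/targets/<deployment_name>/targetConfiguration.xml"
enable_fw_conn_filter() {
    local cfg="$1"
    [ -f "$cfg" ] || { echo "no such file: $cfg" >&2; return 2; }

    # Already enabled: leave the file and any existing backup untouched.
    if grep -q 'filter_out_by_connection="true"' "$cfg"; then
        echo "already enabled: $cfg"
        return 0
    fi

    # Assumption: the attribute is spelled exactly as in the post.
    # If it is absent, stop rather than guess at the file layout.
    if ! grep -q 'filter_out_by_connection="false"' "$cfg"; then
        echo "filter_out_by_connection attribute not found in $cfg" >&2
        return 3
    fi

    # Keep only the first backup so a later run never overwrites the original.
    [ -e "$cfg.Orig" ] || cp -p "$cfg" "$cfg.Orig" || return 4

    # Edit into a temp file and verify before replacing the live config.
    local tmp="$cfg.tmp.$$"
    sed 's/filter_out_by_connection="false"/filter_out_by_connection="true"/' \
        "$cfg" > "$tmp" || { rm -f "$tmp"; return 5; }
    grep -q 'filter_out_by_connection="true"' "$tmp" || { rm -f "$tmp"; return 5; }

    # cat (not mv) keeps the owner and mode of the existing config file.
    cat "$tmp" > "$cfg" || { rm -f "$tmp"; return 5; }
    rm -f "$tmp"
    echo "enabled in $cfg; now run: cp_log_export restart <name>"
}
```

The restart is left as a manual step so the change can be reviewed against `targetConfiguration.xml.Orig` before the exporter picks it up.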