ivanfsei123
Contributor

Unable to Export Huge logs on .csv

Hi All,

How can we export a huge volume of logs, covering at least this year? We tried to export from the Infinity Portal Smart-1 Cloud. We can see that there is an option to export 1K, 10K, 100K, up to 1M logs. We chose 1M logs because our target is to export all logs for at least this year. When we download the generated CSV file, it only shows 1000 logs, not 1M or higher. Also, all the logs are from the same day. How can we achieve exporting all the logs?

 

Thank you

0 Kudos
1 Solution

Accepted Solutions
Chris_Atkinson
Employee

As Andy wrote, you can see the limitation here under Logs & Monitor:

Expected Behavior and Known Limitations (checkpoint.com)

CCSM R77/R80/ELITE


14 Replies
PhoneBoy
Admin

Did you open a TAC case on this? https://help.checkpoint.com 

ivanfsei123
Contributor

Yes, we still can't export it. There are missing logs for the whole month.

0 Kudos
the_rock
Legend

You will never see more than 1000 logs; it's a limitation, TAC confirmed through a case we had for a customer. It's ONLY for S1C, not VM or physical appliance (I tested in my VM, had 900K logs exported).

Andy

https://dl3.checkpoint.com/paid/a7/a74c8ae8160656e6004fc31f086c10cb/CP_Check_Point_Quantum_Smart-1_C...

Page 57

* Export logs to Excel CSV is limited to 1K records

ivanfsei123
Contributor

Okay, is there a way to export all the logs, even if not as .csv?

0 Kudos
the_rock
Legend

The only answer TAC told us to that question is to get all .log files exported, but what you can do with them, they never clarified.

Problem is, they would need to get those for you, since customers don't have SSH access to the S1C instance.

Andy

0 Kudos
_Val_
Admin

Best is to investigate this with TAC.

0 Kudos
Chris_Atkinson
Employee

From memory, something like this used to be a limit of the SmartConsole UI that you could work around only with SmartView (web).

How much existing retention do you have within your Smart-1 Cloud instance to begin with?

Note the log storage limits & expansion options outlined in the Smart-1 Cloud data sheet.

CCSM R77/R80/ELITE
0 Kudos
Emilio_Espinosa
Contributor

I have the exact same problem. The log export function behaves as if it was exported directly from the Smart Dashboard; the exported registers are only the ones that have been browsed.

As you have the same Check Point subscription (Infinity Portal, Smart-1), can you check if you can open SmartView using the option located in the "Logs & Monitor New tab" (bottom left)? They have the option but it is not working. I opened a TAC case and they gave me the option (and only option) to use the new Logs & Events option (at that time) but, of course, it is not working. It will open a tab in your default Internet browser with this address https://127.0.0.1:19008/smartview/.

0 Kudos
the_rock
Legend

If you check my previous post, it's a limitation, even in the S1C portal. The 1M logs option works, but only on regular on-prem management or VM, not Smart-1 Cloud.

Even TAC confirmed this via the case we had opened for a customer.

Best regards,

Andy

0 Kudos
Emilio_Espinosa
Contributor

So, we don't have any option for all of us who have the service on the cloud?

I remember it once worked, perhaps they removed that option.

I have a log server on prem, that would help (SmartView does work there) but I still have problems trying to get my centrally managed SMBs to send logs to it. They try to send to its MaaS IP address, which of course is not routable from other branches.


0 Kudos
the_rock
Legend

As it states in the document, limit is 1K logs, though in GUI, it shows you can export up to 1M, but you canNOT.

Anyway, I know this is 100% true, as I tested it myself.

Best regards,

Andy

0 Kudos
Emilio_Espinosa
Contributor

Too bad. Hope there will be an option soon.

In order to keep our access rules clean, we need to check history logs and remove or rearrange the access; you know security is a must.

Thanks Andy for your kind attention.  

 

0 Kudos
the_rock
Legend

Trust me, I hear you. I was equally as shocked to find this limitation. It's unfortunate it's there, but let's hope they fix it soon.

Andy

0 Kudos
