This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
tavi0906
Contributor
‎2024-04-29 04:01 AM
Jump to solution

maximum days to index the offline logs

we had some issue after upgrade https://support.checkpoint.com/results/sk/sk111766 same as the mentioned sk.

here i would like to know what is the maximum number of days logs we can index ? can we plan for 365 days ?

 

and is there any method to read the logs which are exported to local PC ?

 

 

0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin
‎2024-04-29 02:21 PM
Jump to solution

The main issue with indexing 365 days worth of logs is disk space and the time it'll take.
I believe it should work, though.

Check Point log files are in a proprietary format.
You can "print" them using fw log and/or CpLogFilePrint and/or export them with fwm logexport.

View solution in original post

7 Replies
PhoneBoy
Admin
Admin
‎2024-04-29 02:21 PM
Jump to solution

The main issue with indexing 365 days worth of logs is disk space and the time it'll take.
I believe it should work, though.

Check Point log files are in a proprietary format.
You can "print" them using fw log and/or CpLogFilePrint and/or export them with fwm logexport.

tavi0906
Contributor
‎2024-04-29 09:54 PM
In response to PhoneBoy
Jump to solution

Is there any method to read those exported logs ?

0 Kudos
tavi0906
Contributor
‎2024-04-29 10:21 PM
In response to tavi0906
Jump to solution

when  Smart - 1 is in HA , is it matter where we reindex the first ? either on primary or secondary ?

0 Kudos
Amir_Senn
Employee
Employee
‎2024-04-30 07:56 AM
In response to tavi0906
Jump to solution

In index mode we can query all the servers at once, so as long as you query all the servers that can function as log servers it doesn't matter.

Kind regards, Amir Senn
0 Kudos
tavi0906
Contributor
‎2024-05-01 10:26 PM
In response to Amir_Senn
Jump to solution

so, can we reindex logs on primary first and then to secondary ?

0 Kudos
Amir_Senn
Employee
Employee
‎2024-05-02 02:48 AM
In response to tavi0906
Jump to solution

There's no need to index more than once, it asks all the selected log servers at once.

Indexes are created from the logs on the same machine they're stored on, to index them on another server is to copy them and change number of days to index to include range of logs. If you want log redundancy you can do that.

Kind regards, Amir Senn
0 Kudos
PhoneBoy
Admin
Admin
‎2024-04-30 08:23 AM
In response to tavi0906
Jump to solution

All three tools I mention produce ASCII text output, just in different forms.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events
    Top