This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
StefanoBrumana
Explorer
‎2023-07-05 03:47 AM

Where are system and security logs saved within Quantum Spark 1500 physical appliance ?

Hello everybody,

I have some Quantum Spark 1500 physical appliances ( latest software version R81,10.07 ) deployed at distinct customers' sites.

All these firewalls are locally managed via GUI or via ssh ( no cloud or remote management platform available ).

Two questions:

1) Upon enabling expert access to their CLI I can see the whole internal file system: where are saved the security and system logs ?

I' d like to manually extract via sftp these text files for faster filtering: via the web GUI I can consult these logs but the operation is quite slow ( each page just displays 100 events and sometimes I must review issues occured in past weeks ).

2) Security and system logs within the firewall are automatically overwritten every month ? I' d like to have such estimation to figure out if external syslog is needed for those customers willing to consolidate a longer and external "journal" of their events ( my Quantum Spark 1500 have no SD slot where I could insert a memory card to store these logs ... anyway I understood from the documentation that logs on the SD card are automatically erased every time this memory card is re-inserted into the firewall ).

Thanks in advance and best regards

 

 

0 Kudos
1 Reply
PhoneBoy
Admin
Admin
‎2023-07-05 08:40 AM

Check Point Security Logs are stored in a proprietary format (not text).
They can only be read on the local device itself or, if imported and named correctly, can be read on a Smart-1 device.

Without external storage, only a limited amount of logs can be stored locally.
The exact time period logs will be stored depend entirely on the volume of logs generated by the device.
If you need any sort of log retention, then you will need to do one of the following:

  • Use an SD-card or USB drive to store logs
  • Export to an external Smart-1 management (this requires setting up SIC)
  • Export via Syslog to another device

Note in the case of SD card or USB drive, the logs will be written to and remain on the device indefinitely (space permitting, with older logs purged first).
External logging functionality is configured in Logs and Monitoring > Logs > External Log Servers

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events