Re: Critical File Watcher

TurgutKaplanogl

Critical File Watcher – Overview

Critical File Watcher is an interactive command-line tool designed to easily monitor and manage potentially configurable files on Check Point Security Gateways. It is particularly useful during version upgrades and migration to a new device(This topic is specifically addressed in the preparation/prerequisites section of the Installation and Upgrade Guides).

Key Features:

File Status Monitoring: Quickly view the last modification dates of important configuration and system files.
Color-Coded Display: Highlight files based on their status to easily identify which files have changed.
Interactive Usage: Select files by number to view their contents instantly.
Multi-File Archiving: Archive multiple selected files into a single .tgz file under /var/log/.
File Not Found Alerts: Clearly indicate missing or invalid files.
Seamless Integration: Designed to work smoothly with existing Check Point systems.

Use Cases:

Monitor and verify critical files during existing Check Point Security Gateway upgrades or migration to a new device.
Enable security administrators to track and report critical file changes.
Backup and archive configuration files on Check Point devices.
Quickly ensure system integrity in daily operations.

Critical File Watcher is a simple yet powerful tool that allows administrators to monitor critical files with a single command and take prompt action when necessary.

Note: One-time before running the script

[Expert@X_Gw22:0]# chmod +x Critical_File_Watcher.sh

[Expert@X_Gw22:0]# dos2unix Critical_File_Watcher.sh

the_rock · ‎2025-11-06

AMAZING! Just so people dont wonder, it might be needed to run dos2unix and chmod commands, but works fine!

Best,
Andy

PhoneBoy · ‎2025-11-13

Officially in Toolbox now

the_rock · ‎2025-11-13

Gave it to couple of customers, they found the script super useful.

Best,
Andy

waozcan · ‎2025-11-13

Very useful- especially for migrations. Thanks!

the_rock · ‎2025-11-14

100%

Best,
Andy

Nurullah_Kazar · ‎2025-11-13

Great work, thanks for sharing.

ali-eksi · ‎2025-11-13

This is so useful!

And color coding makes it clear.

the_rock · ‎2025-11-14

For the context, output from my R82 lab fw:

[Expert@CP-GW:0]# ./check_critical_files.sh
============================================
==== Check Point Critical File Check ====
============================================

File modification dates:
------------------------------
/opt/CPcvpn-R82/conf/cvpnd.C : 2024-10-14 20:21:55.000000000 -0400
/opt/CPsuite-R82/fw1/boot/modules/fwkern.conf : 2025-11-06 15:50:14.492000000 -0500
/opt/CPsuite-R82/fw1/conf/cpha_bond_ls_config.conf : 2024-10-15 12:18:07.000000000 -0400
/opt/CPsuite-R82/fw1/conf/cpha_specific_vlan_data.conf : 2024-10-15 12:18:09.000000000 -0400
/opt/CPsuite-R82/fw1/conf/discntd.if : File not found
/opt/CPsuite-R82/fw1/conf/fw_fast_accel_export_configuration.conf : File not found
/opt/CPsuite-R82/fw1/conf/fwaffinity.conf : 2024-10-15 12:18:09.000000000 -0400
/opt/CPsuite-R82/fw1/conf/fwauthd.conf : 2025-11-05 08:30:05.974000000 -0500
/opt/CPsuite-R82/fw1/conf/hsm_configuration.C : 2024-10-15 12:18:03.000000000 -0400
/opt/CPsuite-R82/fw1/conf/identity_broker.C : 2024-10-15 12:18:09.000000000 -0400
/opt/CPsuite-R82/fw1/conf/ipassignment.conf : 2024-10-15 12:18:10.000000000 -0400
/opt/CPsuite-R82/fw1/conf/local.arp : File not found
/opt/CPsuite-R82/fw1/conf/malware_config : 2025-04-09 14:42:53.683000000 -0400
/opt/CPsuite-R82/fw1/conf/prioq.conf : 2025-04-09 14:50:51.686000000 -0400
/opt/CPsuite-R82/fw1/conf/rad_conf.C : 2024-10-15 12:20:33.000000000 -0400
/opt/CPsuite-R82/fw1/conf/synatk.conf : 2025-04-09 14:56:59.254000000 -0400
/opt/CPsuite-R82/fw1/conf/te.conf : 2025-11-11 08:58:30.772000000 -0500
/opt/CPsuite-R82/fw1/conf/thresholds.conf : 2024-10-15 12:20:33.000000000 -0400
/opt/CPsuite-R82/fw1/conf/trac_client_1.ttm : 2024-10-15 12:16:49.000000000 -0400
/opt/CPsuite-R82/fw1/conf/vsaffinity_exception.conf : 2024-10-15 12:18:09.000000000 -0400
/opt/CPppak-R82/conf/simkern.conf : File not found
/var/ace/sdconf.rec : 2025-04-09 15:44:26.093000000 -0400
/var/ace/sdopts.rec : 2025-04-09 15:44:26.092000000 -0400
/var/ace/sdstatus.12 : File not found
/var/ace/securid : File not found

Best,
Andy

the_rock

@TurgutKaplanogl

Just a thought I had...do you think there would be any way to actually show which files would be 100% needed if customer was to upgrade?

Best,
Andy

TurgutKaplanogl

Hello @the_rock

In my opinion, these files should be fully backed up before every upgrade and migration. This is already explicitly stated in the Upgrade & Installation Guide. However the critical point here is to check the modification dates of these files that come by default after first installation(or jumbo hot fix if needed). By doing so it can be determined whether any changes were made and after a fresh install or migration the modified files can be compared and transferred accordingly.

In other words these files are configured differently depending on various scenarios.

Thank you

the_rock

I agree 100% @TurgutKaplanogl

Best,
Andy

Filters

Sort By

Categories

Critical File Watcher

Critical File Watcher – Overview

Key Features:

Use Cases:

Critical File Watcher – Overview

Key Features:

Disclaimer: Check Point does not provide maintenance services or technical or customer support for third party content provided on this Site, including in CheckMates Toolbox. See also our Third Party Software Disclaimer.