SNIFFERS in the absence of LOGS

Matlu

Hello,
Are there SNIFFERS in the CLI of a Check Point, in the absence of logs in your SmartConsole?
I have a Smart-1 Cloud that, due to licensing issues, doesn't let me view logs in real time, and the administrative process is taking too long. So, with the urgent need to run online tests for web traffic that passes through a rule with APP+URLF enabled, is there an option to run SNIFFERS in the GW's CLI, which would allow me to see which rule the traffic is passing through when a user visits a web page that is categorized as pornography and it's not being blocked, even though the category is blocked in our FW rule?
With other vendors, sniffers sometimes help.
Does Check Point have any alternative when you don't have LOGS?
Thanks.

Wolfgang

@Matlu if your logs are capped in Smart1-cloud because of license issues, your gateways are logging locally. They can‘t send the logs to the cloud but locally they are available. With „fw log“ you can view them locally on your gateway.

"fw log" command

Matlu

Hello,
Assuming I am "understanding correctly," I understand that the fw.log must be checked via CLI on the GW I am interested in.
Is there a command syntax that can help resolve this issue?
It is important to understand if the traffic is passing through a particular rule and we are now "blind."

the_rock

Can you see what size of fw.log file is?

ls -lh $FWDIR/log/fw.log

Best,
Andy

Matlu

Bro,

I applied the command you recommended (in my FW).
I got the following result.

[Expert@FW-WF:0]#
[Expert@FW-WF:0]# ls -lh $FWDIR/log/fw.log
-rw-rw---- 1 admin root 8.2K Nov 25 00:00 /opt/CPsuite-R82/fw1/log/fw.log
[Expert@FW-WF:0]#

Is the option to use “fw log” as mentioned above through the CLI on the same GW?
Or is it using Smart-1 Cloud? 🤔

Matlu

Hello @Wolfgang
I am trying to use the fw log on my GW because I cannot view logs through Smart-1 Cloud.
I have a question: can this “fw log” show me previous logs?
For example, from 1, 2, or 3 days ago from the moment you run the command?
I am using the command on the GW as such, but no results are printed.

[Expert@FW-WF:0]#
[Expert@FW-WF:0]# fw log -s "Nov 24, 2025"
[Expert@FW-WF:0]#

Perhaps I am using the incorrect syntax?
Could you give me an example of how you would execute the syntax, if you want the related logs for example from 11:00 a.m. to 3:00 p.m. on 11/24 for the source IP 100.127.132.9?

Wolfgang

"ls -lsah $FWDIR/log/*.log" shows the firewall logfiles, fw.log is the actual and all others after a logswitch.
If the file is bigger then some kilobytes the logs are available locally on the appliance

12K -rw-rw---- 1 admin root 8.2K Nov 19 00:00 /opt/CPsuite-R81.20/fw1/log/2025-11-19_000000.log
30M -rw-rw---- 1 admin root 30M Nov 19 23:59 /opt/CPsuite-R81.20/fw1/log/2025-11-19_235900.log
12K -rw-rw---- 1 admin root 8.2K Nov 20 00:00 /opt/CPsuite-R81.20/fw1/log/2025-11-20_000000.log
12K -rw-rw---- 1 admin root 8.2K Nov 27 00:00 /opt/CPsuite-R81.20/fw1/log/fw.log

This shows the logs from the specified time range from logfile "2025-11-12_235900.log"

fw log -b "Nov 12, 2025 09:40:00" "Nov 12, 2025 10:00:00" 2025-11-12_235900.log

But if fw.log will be always small there are no logs locally available.

Matlu

Hello @Wolfgang
I ran the command you shared, and I got the following result.

[Expert@FW-WF:0]#
[Expert@FW-WF:0]# ls -lsah $FWDIR/log/*.log
12K -rw-rw---- 1 admin root 8.2K May 30 00:00 /opt/CPsuite-R82/fw1/log/2025-05-30_000000.log
12K -rw-rw---- 1 admin root 8.2K May 31 00:00 /opt/CPsuite-R82/fw1/log/2025-05-31_000000.log
12K -rw-rw---- 1 admin root 8.2K Jun 1 00:00 /opt/CPsuite-R82/fw1/log/2025-06-01_000000.log
12K -rw-rw---- 1 admin root 8.2K Jun 2 00:00 /opt/CPsuite-R82/fw1/log/2025-06-02_000000.log
12K -rw-rw---- 1 admin root 8.2K Jun 3 00:00 /opt/CPsuite-R82/fw1/log/2025-06-03_000000.log
12K -rw-rw---- 1 admin root 8.2K Jun 4 00:00 /opt/CPsuite-R82/fw1/log/2025-06-04_000000.log
12K -rw-rw---- 1 admin root 8.2K Jun 5 00:00 /opt/CPsuite-R82/fw1/log/2025-06-05_000000.log
12K -rw-rw---- 1 admin root 8.2K Jun 6 00:00 /opt/CPsuite-R82/fw1/log/2025-06-06_000000.log
12K -rw-rw---- 1 admin root 8.2K Jun 7 00:00 /opt/CPsuite-R82/fw1/log/2025-06-07_000000.log
12K -rw-rw---- 1 admin root 8.2K Jun 8 00:00 /opt/CPsuite-R82/fw1/log/2025-06-08_000000.log
12K -rw-rw---- 1 admin root 8.2K Jun 9 00:00 /opt/CPsuite-R82/fw1/log/2025-06-09_000000.log
12K -rw-rw---- 1 admin root 8.2K Jun 10 00:00 /opt/CPsuite-R82/fw1/log/2025-06-10_000000.log
12K -rw-rw---- 1 admin root 8.2K Jun 11 00:00 /opt/CPsuite-R82/fw1/log/2025-06-11_000000.log
12K -rw-rw---- 1 admin root 8.2K Jun 12 00:00 /opt/CPsuite-R82/fw1/log/2025-06-12_000000.log
12K -rw-rw---- 1 admin root 8.2K Jun 13 00:00 /opt/CPsuite-R82/fw1/log/2025-06-13_000000.log
12K -rw-rw---- 1 admin root 8.2K Jun 14 00:00 /opt/CPsuite-R82/fw1/log/2025-06-14_000000.log
12K -rw-rw---- 1 admin root 8.2K Jun 15 00:00 /opt/CPsuite-R82/fw1/log/2025-06-15_000000.log
12K -rw-rw---- 1 admin root 8.2K Jun 16 00:00 /opt/CPsuite-R82/fw1/log/2025-06-16_000000.log
12K -rw-rw---- 1 admin root 8.2K Jun 17 00:00 /opt/CPsuite-R82/fw1/log/2025-06-17_000000.log
12K -rw-rw---- 1 admin root 8.2K Jun 18 00:00 /opt/CPsuite-R82/fw1/log/2025-06-18_000000.log
12K -rw-rw---- 1 admin root 8.2K Jun 19 00:00 /opt/CPsuite-R82/fw1/log/2025-06-19_000000.log
12K -rw-rw---- 1 admin root 8.2K Jun 20 00:00 /opt/CPsuite-R82/fw1/log/2025-06-20_000000.log
12K -rw-rw---- 1 admin root 8.2K Jun 21 00:00 /opt/CPsuite-R82/fw1/log/2025-06-21_000000.log
12K -rw-rw---- 1 admin root 8.2K Jun 22 00:00 /opt/CPsuite-R82/fw1/log/2025-06-22_000000.log
12K -rw-rw---- 1 admin root 8.2K Jun 23 00:00 /opt/CPsuite-R82/fw1/log/2025-06-23_000000.log
12K -rw-rw---- 1 admin root 8.2K Jun 24 00:00 /opt/CPsuite-R82/fw1/log/2025-06-24_000000.log
12K -rw-rw---- 1 admin root 8.2K Jun 25 00:00 /opt/CPsuite-R82/fw1/log/2025-06-25_000000.log
12K -rw-rw---- 1 admin root 8.2K Jun 26 00:00 /opt/CPsuite-R82/fw1/log/2025-06-26_000000.log
12K -rw-rw---- 1 admin root 8.2K Jun 27 00:00 /opt/CPsuite-R82/fw1/log/2025-06-27_000000.log
12K -rw-rw---- 1 admin root 8.2K Jun 28 00:00 /opt/CPsuite-R82/fw1/log/2025-06-28_000000.log
12K -rw-rw---- 1 admin root 8.2K Jun 29 00:00 /opt/CPsuite-R82/fw1/log/2025-06-29_000000.log
12K -rw-rw---- 1 admin root 8.2K Jun 30 00:00 /opt/CPsuite-R82/fw1/log/2025-06-30_000000.log
12K -rw-rw---- 1 admin root 8.2K Jul 1 00:00 /opt/CPsuite-R82/fw1/log/2025-07-01_000000.log
12K -rw-rw---- 1 admin root 8.2K Jul 2 00:00 /opt/CPsuite-R82/fw1/log/2025-07-02_000000.log
12K -rw-rw---- 1 admin root 8.2K Jul 3 00:00 /opt/CPsuite-R82/fw1/log/2025-07-03_000000.log
12K -rw-rw---- 1 admin root 8.2K Jul 4 00:00 /opt/CPsuite-R82/fw1/log/2025-07-04_000000.log
12K -rw-rw---- 1 admin root 8.2K Jul 5 00:00 /opt/CPsuite-R82/fw1/log/2025-07-05_000000.log
12K -rw-rw---- 1 admin root 8.2K Jul 6 00:00 /opt/CPsuite-R82/fw1/log/2025-07-06_000000.log
12K -rw-rw---- 1 admin root 8.2K Jul 7 00:00 /opt/CPsuite-R82/fw1/log/2025-07-07_000000.log
12K -rw-rw---- 1 admin root 8.2K Jul 8 00:00 /opt/CPsuite-R82/fw1/log/2025-07-08_000000.log
12K -rw-rw---- 1 admin root 8.2K Jul 9 00:00 /opt/CPsuite-R82/fw1/log/2025-07-09_000000.log
12K -rw-rw---- 1 admin root 8.2K Jul 10 00:00 /opt/CPsuite-R82/fw1/log/2025-07-10_000000.log
12K -rw-rw---- 1 admin root 8.2K Jul 11 00:00 /opt/CPsuite-R82/fw1/log/2025-07-11_000000.log
12K -rw-rw---- 1 admin root 8.2K Jul 12 00:00 /opt/CPsuite-R82/fw1/log/2025-07-12_000000.log
12K -rw-rw---- 1 admin root 8.2K Jul 13 00:00 /opt/CPsuite-R82/fw1/log/2025-07-13_000000.log
12K -rw-rw---- 1 admin root 8.2K Jul 14 00:00 /opt/CPsuite-R82/fw1/log/2025-07-14_000000.log
12K -rw-rw---- 1 admin root 8.2K Jul 15 00:00 /opt/CPsuite-R82/fw1/log/2025-07-15_000000.log
12K -rw-rw---- 1 admin root 8.2K Jul 16 00:00 /opt/CPsuite-R82/fw1/log/2025-07-16_000000.log
12K -rw-rw---- 1 admin root 8.2K Jul 17 00:00 /opt/CPsuite-R82/fw1/log/2025-07-17_000000.log
12K -rw-rw---- 1 admin root 8.2K Jul 18 00:00 /opt/CPsuite-R82/fw1/log/2025-07-18_000000.log
12K -rw-rw---- 1 admin root 8.2K Jul 19 00:00 /opt/CPsuite-R82/fw1/log/2025-07-19_000000.log
12K -rw-rw---- 1 admin root 8.2K Jul 20 00:00 /opt/CPsuite-R82/fw1/log/2025-07-20_000000.log
12K -rw-rw---- 1 admin root 8.2K Jul 21 00:00 /opt/CPsuite-R82/fw1/log/2025-07-21_000000.log
12K -rw-rw---- 1 admin root 8.2K Jul 22 00:00 /opt/CPsuite-R82/fw1/log/2025-07-22_000000.log
12K -rw-rw---- 1 admin root 8.2K Jul 23 00:00 /opt/CPsuite-R82/fw1/log/2025-07-23_000000.log
12K -rw-rw---- 1 admin root 8.2K Jul 24 00:00 /opt/CPsuite-R82/fw1/log/2025-07-24_000000.log
12K -rw-rw---- 1 admin root 8.2K Jul 25 00:00 /opt/CPsuite-R82/fw1/log/2025-07-25_000000.log
12K -rw-rw---- 1 admin root 8.2K Jul 26 00:00 /opt/CPsuite-R82/fw1/log/2025-07-26_000000.log
12K -rw-rw---- 1 admin root 8.2K Jul 27 00:00 /opt/CPsuite-R82/fw1/log/2025-07-27_000000.log
12K -rw-rw---- 1 admin root 8.2K Jul 28 00:00 /opt/CPsuite-R82/fw1/log/2025-07-28_000000.log
12K -rw-rw---- 1 admin root 8.2K Jul 29 00:00 /opt/CPsuite-R82/fw1/log/2025-07-29_000000.log
12K -rw-rw---- 1 admin root 8.2K Jul 30 00:00 /opt/CPsuite-R82/fw1/log/2025-07-30_000000.log
12K -rw-rw---- 1 admin root 8.2K Jul 31 00:00 /opt/CPsuite-R82/fw1/log/2025-07-31_000000.log
12K -rw-rw---- 1 admin root 8.2K Aug 1 00:00 /opt/CPsuite-R82/fw1/log/2025-08-01_000000.log
12K -rw-rw---- 1 admin root 8.2K Aug 2 00:00 /opt/CPsuite-R82/fw1/log/2025-08-02_000000.log
12K -rw-rw---- 1 admin root 8.2K Aug 3 00:00 /opt/CPsuite-R82/fw1/log/2025-08-03_000000.log
12K -rw-rw---- 1 admin root 8.2K Aug 4 00:00 /opt/CPsuite-R82/fw1/log/2025-08-04_000000.log
12K -rw-rw---- 1 admin root 8.2K Aug 5 00:00 /opt/CPsuite-R82/fw1/log/2025-08-05_000000.log
12K -rw-rw---- 1 admin root 8.2K Aug 6 00:00 /opt/CPsuite-R82/fw1/log/2025-08-06_000000.log
12K -rw-rw---- 1 admin root 8.2K Aug 7 00:00 /opt/CPsuite-R82/fw1/log/2025-08-07_000000.log
12K -rw-rw---- 1 admin root 8.2K Aug 8 00:00 /opt/CPsuite-R82/fw1/log/2025-08-08_000000.log
12K -rw-rw---- 1 admin root 8.2K Aug 9 00:00 /opt/CPsuite-R82/fw1/log/2025-08-09_000000.log
12K -rw-rw---- 1 admin root 8.2K Aug 10 00:00 /opt/CPsuite-R82/fw1/log/2025-08-10_000000.log
12K -rw-rw---- 1 admin root 8.2K Aug 11 00:00 /opt/CPsuite-R82/fw1/log/2025-08-11_000000.log
12K -rw-rw---- 1 admin root 8.2K Aug 12 00:00 /opt/CPsuite-R82/fw1/log/2025-08-12_000000.log
12K -rw-rw---- 1 admin root 8.2K Aug 13 00:00 /opt/CPsuite-R82/fw1/log/2025-08-13_000000.log
12K -rw-rw---- 1 admin root 8.2K Aug 14 00:00 /opt/CPsuite-R82/fw1/log/2025-08-14_000000.log
12K -rw-rw---- 1 admin root 8.2K Aug 15 00:00 /opt/CPsuite-R82/fw1/log/2025-08-15_000000.log
12K -rw-rw---- 1 admin root 8.2K Aug 16 00:00 /opt/CPsuite-R82/fw1/log/2025-08-16_000000.log
12K -rw-rw---- 1 admin root 8.2K Aug 17 00:00 /opt/CPsuite-R82/fw1/log/2025-08-17_000000.log
12K -rw-rw---- 1 admin root 8.2K Aug 18 00:00 /opt/CPsuite-R82/fw1/log/2025-08-18_000000.log
12K -rw-rw---- 1 admin root 8.2K Aug 19 00:00 /opt/CPsuite-R82/fw1/log/2025-08-19_000000.log
12K -rw-rw---- 1 admin root 8.2K Aug 20 00:00 /opt/CPsuite-R82/fw1/log/2025-08-20_000000.log
12K -rw-rw---- 1 admin root 8.2K Aug 21 00:00 /opt/CPsuite-R82/fw1/log/2025-08-21_000000.log
12K -rw-rw---- 1 admin root 8.2K Aug 22 00:00 /opt/CPsuite-R82/fw1/log/2025-08-22_000000.log
12K -rw-rw---- 1 admin root 8.2K Aug 23 00:00 /opt/CPsuite-R82/fw1/log/2025-08-23_000000.log
12K -rw-rw---- 1 admin root 8.2K Aug 24 00:00 /opt/CPsuite-R82/fw1/log/2025-08-24_000000.log
12K -rw-rw---- 1 admin root 8.2K Aug 25 00:00 /opt/CPsuite-R82/fw1/log/2025-08-25_000000.log
12K -rw-rw---- 1 admin root 8.2K Aug 26 00:00 /opt/CPsuite-R82/fw1/log/2025-08-26_000000.log
12K -rw-rw---- 1 admin root 8.2K Aug 27 00:00 /opt/CPsuite-R82/fw1/log/2025-08-27_000000.log
12K -rw-rw---- 1 admin root 8.2K Aug 28 00:00 /opt/CPsuite-R82/fw1/log/2025-08-28_000000.log
12K -rw-rw---- 1 admin root 8.2K Aug 29 00:00 /opt/CPsuite-R82/fw1/log/2025-08-29_000000.log
12K -rw-rw---- 1 admin root 8.2K Aug 30 00:00 /opt/CPsuite-R82/fw1/log/2025-08-30_000000.log
12K -rw-rw---- 1 admin root 8.2K Aug 31 00:00 /opt/CPsuite-R82/fw1/log/2025-08-31_000000.log
12K -rw-rw---- 1 admin root 8.2K Sep 1 00:00 /opt/CPsuite-R82/fw1/log/2025-09-01_000000.log
12K -rw-rw---- 1 admin root 8.2K Sep 2 00:00 /opt/CPsuite-R82/fw1/log/2025-09-02_000000.log
12K -rw-rw---- 1 admin root 8.2K Sep 3 00:00 /opt/CPsuite-R82/fw1/log/2025-09-03_000000.log
12K -rw-rw---- 1 admin root 8.2K Sep 4 00:00 /opt/CPsuite-R82/fw1/log/2025-09-04_000000.log
12K -rw-rw---- 1 admin root 8.2K Sep 5 00:00 /opt/CPsuite-R82/fw1/log/2025-09-05_000000.log
12K -rw-rw---- 1 admin root 8.2K Sep 6 00:00 /opt/CPsuite-R82/fw1/log/2025-09-06_000000.log
12K -rw-rw---- 1 admin root 8.2K Sep 7 00:00 /opt/CPsuite-R82/fw1/log/2025-09-07_000000.log
12K -rw-rw---- 1 admin root 8.2K Sep 8 00:00 /opt/CPsuite-R82/fw1/log/2025-09-08_000000.log
12K -rw-rw---- 1 admin root 8.2K Sep 9 00:00 /opt/CPsuite-R82/fw1/log/2025-09-09_000000.log
12K -rw-rw---- 1 admin root 8.2K Sep 10 00:00 /opt/CPsuite-R82/fw1/log/2025-09-10_000000.log
12K -rw-rw---- 1 admin root 8.2K Sep 11 00:00 /opt/CPsuite-R82/fw1/log/2025-09-11_000000.log
12K -rw-rw---- 1 admin root 8.2K Sep 12 00:00 /opt/CPsuite-R82/fw1/log/2025-09-12_000000.log
12K -rw-rw---- 1 admin root 8.2K Sep 13 00:00 /opt/CPsuite-R82/fw1/log/2025-09-13_000000.log
12K -rw-rw---- 1 admin root 8.2K Sep 14 00:00 /opt/CPsuite-R82/fw1/log/2025-09-14_000000.log
12K -rw-rw---- 1 admin root 8.2K Sep 15 00:00 /opt/CPsuite-R82/fw1/log/2025-09-15_000000.log
12K -rw-rw---- 1 admin root 8.2K Sep 16 00:00 /opt/CPsuite-R82/fw1/log/2025-09-16_000000.log
12K -rw-rw---- 1 admin root 8.2K Sep 17 00:00 /opt/CPsuite-R82/fw1/log/2025-09-17_000000.log
12K -rw-rw---- 1 admin root 8.2K Sep 18 00:00 /opt/CPsuite-R82/fw1/log/2025-09-18_000000.log
12K -rw-rw---- 1 admin root 8.2K Sep 19 00:00 /opt/CPsuite-R82/fw1/log/2025-09-19_000000.log
12K -rw-rw---- 1 admin root 8.2K Sep 20 00:00 /opt/CPsuite-R82/fw1/log/2025-09-20_000000.log
12K -rw-rw---- 1 admin root 8.2K Sep 21 00:00 /opt/CPsuite-R82/fw1/log/2025-09-21_000000.log
12K -rw-rw---- 1 admin root 8.2K Sep 22 00:00 /opt/CPsuite-R82/fw1/log/2025-09-22_000000.log
12K -rw-rw---- 1 admin root 8.2K Sep 23 00:00 /opt/CPsuite-R82/fw1/log/2025-09-23_000000.log
12K -rw-rw---- 1 admin root 8.2K Sep 24 00:08 /opt/CPsuite-R82/fw1/log/2025-09-24_000000.log
12K -rw-rw---- 1 admin root 8.2K Sep 24 00:30 /opt/CPsuite-R82/fw1/log/2025-09-24_003010.log
12K -rw-rw---- 1 admin root 8.2K Sep 25 00:00 /opt/CPsuite-R82/fw1/log/2025-09-25_000000.log
12K -rw-rw---- 1 admin root 8.2K Sep 26 00:00 /opt/CPsuite-R82/fw1/log/2025-09-26_000000.log
12K -rw-rw---- 1 admin root 8.2K Sep 27 00:00 /opt/CPsuite-R82/fw1/log/2025-09-27_000000.log
12K -rw-rw---- 1 admin root 8.2K Sep 28 00:00 /opt/CPsuite-R82/fw1/log/2025-09-28_000000.log
12K -rw-rw---- 1 admin root 8.2K Sep 29 00:00 /opt/CPsuite-R82/fw1/log/2025-09-29_000000.log
12K -rw-rw---- 1 admin root 8.2K Sep 30 00:00 /opt/CPsuite-R82/fw1/log/2025-09-30_000000.log
12K -rw-rw---- 1 admin root 8.2K Oct 1 00:00 /opt/CPsuite-R82/fw1/log/2025-10-01_000000.log
12K -rw-rw---- 1 admin root 8.2K Oct 2 00:00 /opt/CPsuite-R82/fw1/log/2025-10-02_000000.log
12K -rw-rw---- 1 admin root 8.2K Oct 3 00:00 /opt/CPsuite-R82/fw1/log/2025-10-03_000000.log
12K -rw-rw---- 1 admin root 8.2K Oct 4 00:00 /opt/CPsuite-R82/fw1/log/2025-10-04_000000.log
12K -rw-rw---- 1 admin root 8.2K Oct 5 00:00 /opt/CPsuite-R82/fw1/log/2025-10-05_000000.log
12K -rw-rw---- 1 admin root 8.2K Oct 6 00:00 /opt/CPsuite-R82/fw1/log/2025-10-06_000000.log
12K -rw-rw---- 1 admin root 8.2K Oct 7 00:00 /opt/CPsuite-R82/fw1/log/2025-10-07_000000.log
12K -rw-rw---- 1 admin root 8.2K Oct 8 00:00 /opt/CPsuite-R82/fw1/log/2025-10-08_000000.log
12K -rw-rw---- 1 admin root 8.2K Oct 9 00:00 /opt/CPsuite-R82/fw1/log/2025-10-09_000000.log
12K -rw-rw---- 1 admin root 8.2K Oct 10 00:00 /opt/CPsuite-R82/fw1/log/2025-10-10_000000.log
12K -rw-rw---- 1 admin root 8.2K Oct 11 00:00 /opt/CPsuite-R82/fw1/log/2025-10-11_000000.log
12K -rw-rw---- 1 admin root 8.2K Oct 12 00:00 /opt/CPsuite-R82/fw1/log/2025-10-12_000000.log
12K -rw-rw---- 1 admin root 8.2K Oct 13 00:00 /opt/CPsuite-R82/fw1/log/2025-10-13_000000.log
12K -rw-rw---- 1 admin root 8.2K Oct 14 00:00 /opt/CPsuite-R82/fw1/log/2025-10-14_000000.log
12K -rw-rw---- 1 admin root 8.2K Oct 15 00:00 /opt/CPsuite-R82/fw1/log/2025-10-15_000000.log
12K -rw-rw---- 1 admin root 8.2K Oct 16 00:00 /opt/CPsuite-R82/fw1/log/2025-10-16_000000.log
12K -rw-rw---- 1 admin root 8.2K Oct 17 00:00 /opt/CPsuite-R82/fw1/log/2025-10-17_000000.log
12K -rw-rw---- 1 admin root 8.2K Oct 18 00:00 /opt/CPsuite-R82/fw1/log/2025-10-18_000000.log
12K -rw-rw---- 1 admin root 8.2K Oct 19 00:00 /opt/CPsuite-R82/fw1/log/2025-10-19_000000.log
12K -rw-rw---- 1 admin root 8.2K Oct 20 00:00 /opt/CPsuite-R82/fw1/log/2025-10-20_000000.log
12K -rw-rw---- 1 admin root 8.2K Oct 21 00:00 /opt/CPsuite-R82/fw1/log/2025-10-21_000000.log
12K -rw-rw---- 1 admin root 8.2K Oct 22 00:00 /opt/CPsuite-R82/fw1/log/2025-10-22_000000.log
12K -rw-rw---- 1 admin root 8.2K Oct 23 00:00 /opt/CPsuite-R82/fw1/log/2025-10-23_000000.log
12K -rw-rw---- 1 admin root 8.2K Oct 24 00:00 /opt/CPsuite-R82/fw1/log/2025-10-24_000000.log
12K -rw-rw---- 1 admin root 8.2K Oct 25 00:00 /opt/CPsuite-R82/fw1/log/2025-10-25_000000.log
12K -rw-rw---- 1 admin root 8.2K Oct 26 00:00 /opt/CPsuite-R82/fw1/log/2025-10-26_000000.log
12K -rw-rw---- 1 admin root 8.2K Oct 27 00:00 /opt/CPsuite-R82/fw1/log/2025-10-27_000000.log
12K -rw-rw---- 1 admin root 8.2K Oct 28 00:00 /opt/CPsuite-R82/fw1/log/2025-10-28_000000.log
12K -rw-rw---- 1 admin root 8.2K Oct 29 00:00 /opt/CPsuite-R82/fw1/log/2025-10-29_000000.log
12K -rw-rw---- 1 admin root 8.2K Oct 30 00:00 /opt/CPsuite-R82/fw1/log/2025-10-30_000000.log
12K -rw-rw---- 1 admin root 8.2K Oct 31 00:00 /opt/CPsuite-R82/fw1/log/2025-10-31_000000.log
12K -rw-rw---- 1 admin root 8.2K Nov 1 00:00 /opt/CPsuite-R82/fw1/log/2025-11-01_000000.log
12K -rw-rw---- 1 admin root 8.2K Nov 2 00:00 /opt/CPsuite-R82/fw1/log/2025-11-02_000000.log
12K -rw-rw---- 1 admin root 8.2K Nov 3 00:00 /opt/CPsuite-R82/fw1/log/2025-11-03_000000.log
12K -rw-rw---- 1 admin root 8.2K Nov 4 00:00 /opt/CPsuite-R82/fw1/log/2025-11-04_000000.log
12K -rw-rw---- 1 admin root 8.2K Nov 5 00:00 /opt/CPsuite-R82/fw1/log/2025-11-05_000000.log
12K -rw-rw---- 1 admin root 8.2K Nov 6 00:00 /opt/CPsuite-R82/fw1/log/2025-11-06_000000.log
12K -rw-rw---- 1 admin root 8.2K Nov 7 00:00 /opt/CPsuite-R82/fw1/log/2025-11-07_000000.log
12K -rw-rw---- 1 admin root 8.2K Nov 8 00:00 /opt/CPsuite-R82/fw1/log/2025-11-08_000000.log
12K -rw-rw---- 1 admin root 8.2K Nov 9 00:00 /opt/CPsuite-R82/fw1/log/2025-11-09_000000.log
12K -rw-rw---- 1 admin root 8.2K Nov 10 00:00 /opt/CPsuite-R82/fw1/log/2025-11-10_000000.log
12K -rw-rw---- 1 admin root 8.2K Nov 11 00:00 /opt/CPsuite-R82/fw1/log/2025-11-11_000000.log
12K -rw-rw---- 1 admin root 8.2K Nov 12 00:00 /opt/CPsuite-R82/fw1/log/2025-11-12_000000.log
12K -rw-rw---- 1 admin root 8.2K Nov 13 00:00 /opt/CPsuite-R82/fw1/log/2025-11-13_000000.log
12K -rw-rw---- 1 admin root 8.2K Nov 14 00:00 /opt/CPsuite-R82/fw1/log/2025-11-14_000000.log
12K -rw-rw---- 1 admin root 8.2K Nov 15 00:00 /opt/CPsuite-R82/fw1/log/2025-11-15_000000.log
12K -rw-rw---- 1 admin root 8.2K Nov 16 00:00 /opt/CPsuite-R82/fw1/log/2025-11-16_000000.log
12K -rw-rw---- 1 admin root 8.2K Nov 17 00:00 /opt/CPsuite-R82/fw1/log/2025-11-17_000000.log
12K -rw-rw---- 1 admin root 8.2K Nov 18 00:00 /opt/CPsuite-R82/fw1/log/2025-11-18_000000.log
12K -rw-rw---- 1 admin root 8.2K Nov 19 00:00 /opt/CPsuite-R82/fw1/log/2025-11-19_000000.log
12K -rw-rw---- 1 admin root 8.2K Nov 20 00:00 /opt/CPsuite-R82/fw1/log/2025-11-20_000000.log
12K -rw-rw---- 1 admin root 8.2K Nov 21 00:00 /opt/CPsuite-R82/fw1/log/2025-11-21_000000.log
12K -rw-rw---- 1 admin root 8.2K Nov 22 00:00 /opt/CPsuite-R82/fw1/log/2025-11-22_000000.log
12K -rw-rw---- 1 admin root 8.2K Nov 23 00:00 /opt/CPsuite-R82/fw1/log/2025-11-23_000000.log
12K -rw-rw---- 1 admin root 8.2K Nov 24 00:00 /opt/CPsuite-R82/fw1/log/2025-11-24_000000.log
12K -rw-rw---- 1 admin root 8.2K Nov 25 00:00 /opt/CPsuite-R82/fw1/log/2025-11-25_000000.log
12K -rw-rw---- 1 admin root 8.2K Nov 26 00:00 /opt/CPsuite-R82/fw1/log/2025-11-26_000000.log
12K -rw-rw---- 1 admin root 8.2K Nov 27 00:00 /opt/CPsuite-R82/fw1/log/2025-11-27_000000.log
12K -rw-rw---- 1 admin root 8.2K Nov 28 00:00 /opt/CPsuite-R82/fw1/log/2025-11-28_000000.log
12K -rw-rw---- 1 admin root 8.2K Nov 28 00:00 /opt/CPsuite-R82/fw1/log/fw.log
4.0K -rw-rw---- 1 admin root 231 May 26 2025 /opt/CPsuite-R82/fw1/log/fw_fast_accel.log
2.5M -rw-rw---- 1 admin root 2.1M Nov 28 10:49 /opt/CPsuite-R82/fw1/log/tracker.log
[Expert@FW-WF:0]#
[Expert@FW-WF:0]#

As you can see, could you “confirm” or “deny” that the FW is storing logs locally?

Thanks 🙂

the_rock

Based on that, seems its logging to mgmt server (S1C).

Best,
Andy

the_rock

Hey bro,

I spoke with our SE yesterday and asked him about this and he told me that Account services should be able to help, but if not, you can ask your local SE and they can assist you for the eval license on S1C.

Best,
Andy

Matlu

Hello,

In order for GW to save logs “locally,” I understand that the checkbox for the following option must be enabled, correct?

Because I have tried several filters with the fw log you recommended, but I am not getting any results 😑

[Expert@FW-WF:0]#
[Expert@FW-WF:0]#
[Expert@FW-WF:0]# fw log -n -p -c drop
[Expert@FW-WF:0]#
[Expert@FW-WF:0]#

the_rock

Can you restart fwd?

Best,
Andy

Matlu

With which command?
Does restarting fwd affect services?
To enable the GW to save the logs itself, do you have to check the box?

the_rock

https://checkpointmanageeasy.blogspot.com/2011/05/how-to-restart-fwd-process-in.html

Btw, IF fw is logging locally, below sk is the best to troubleshoot wy:

https://support.checkpoint.com/results/sk/sk40090

Best,
Andy

Matlu

Bro,

I understand that the value after “root...” should increase to assume that the GW is storing logs locally, right?
Because it's been more than 5 minutes and the value remains static.

Cheers 🙂

the_rock

Just do this for 10 mins and see if it changes

watch -d ls -lh $FWDIR/log/fw.log

Best,
Andy

Matlu

Hey,
I monitored it for more than 10 minutes, and the value remains the same, not going above 8.2K.
Does this mean that the device is not storing logs locally? Or how should this result be interpreted?

Matlu

Should the option inside the red box be selected for the FW to save logs locally?

the_rock

Yes!

Best,
Andy

the_rock

Thats EXACTLY what it means.

Best,
Andy

Matlu

Does enabling the option to save logs locally on the same FW mean you have to be “careful” about high CPU or memory consumption on the device?

the_rock

I dont believe logging would have much to do with that, but Im curious, why would you want both local and mgmt logging? I had never seen anyone do that before.

Best,
Andy

Matlu

I don't have logs in my SmartConsole due to problems with my LICENSE.
So I need to apply the option to review the logs somehow via the CLI but on the same GW.
So, to use the “fw log” option, I understand that I need this option to save the logs locally, otherwise I'll have my hands tied 😞

the_rock

Kk, got it! Why not apply eval in the meantime?

Best,
Andy

Matlu

I don't have access to SmartUpdate to upload an EVAL license.

It's a Smart1-Cloud environment.

😞

the_rock

Did you check if Account services or your local SE can help?

Best,
Andy

Chris_Atkinson

An eval for Smart-1 Cloud will not override the quota if you are breaching it in my experience.
If you've exhausted the logging optimization options the shortest path is to purchase the necessary license.

CCSM R77/R80/ELITE

the_rock

That does not sound right to me that it would not let you see the logs in real time due to licensing. If you are able to open smart console on cloud portal, if license is expired, Im almost positive it would still show you the logs, unless logging is failing, in which case you need to see why its logging locally, as @Wolfgang mentioned.

Best,
Andy

Chris_Atkinson

Logging volume is capped if you exceed the quota unless you purchase more or are able to optimize your logging config. So logs exceeding the limit are not displayed in that instance...

CCSM R77/R80/ELITE

the_rock

Ah, ok. I recall 5 years ago that was not the issue, but never really had to deal with that situation myself : - )

Best,
Andy

Are you a member of CheckMates?

SNIFFERS in the absence of LOGS