Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Participant

CRON JOB TO SEND LOGS WITH A FREQUENCY OF LESS THAN A DAY

.We created remote Access VPNs on Checkpoint Firewall for our remote users during lock down.However the Audit team what logs for the VPN users daily for the entire day ,the issue isthe logs we are polling are 10000.

. There is a limit to 10,000 row using  the queries as suggested by Checkpoint

 

.Is there a way we can pull the logs direct from the SMS on daily basis and create a cron job to send via email.Or Create a Corn job that periodically sends the logs after every hour..Please advice if its possible and secondly the method. I really appreciate your help in advance

 

Please Assist

0 Kudos
Reply
3 Replies
Admin
Admin

Precisely how have you configured this?
What version/JHF level is your management?

If you're pulling logs via SmartView (https://management-ip/smartview), you can pull up to a million entries via CSV.
Don't remember if you can schedule this or not.

You might also want to see if one of the reports listed here might suffice: https://community.checkpoint.com/t5/Remote-Access-Solutions/Remote-Access-VPN-Short-List-of-Most-Use...
Participant

I have answered  some of your '?' points
Precisely how have you configured this?
What version/JHF level is your management?---- R80.10

If you're pulling logs via SmartView (https://management-ip/smartview), you can pull up to a million entries via CSV.......i may be interested with this one...{do you have a link to a page where this procedure is described}
Don't remember if you can schedule this or not...... if i can schedule the better

You might also want to see if one of the reports listed here might suffice: https://community.checkpoint.com/t5/Remote-Access-Solutions/Remote-Access-VPN-Short-List-of-Most-Use...
 
Below is the list of logs polled into CSV, the issue is they are not going beyond 10000, how do i change this behavior for them to get to a million.
 
thanks Phoneboy
 
 
 
 
 
 
0 Kudos
Reply
Admin
Admin

You still haven't answered the question of exactly how you configured things to get the logs you are getting.
If you're configuring this via SmartConsole, I seem to remember there is a limit to the number of log entries that can be exported, particularly in R80.10.
Highly recommend upgrading your management to a newer release (like R80.30).

In any case, you should be able to do something similar (using a similar process) in SmartView.
The SmartView UI is significantly better in later releases.

If you don't want to upgrade, you may be able to pull the desired logs on the CLI using CPLogFilePrint and a little scripting.
However, later releases have other features that will significantly improve your overall experience.