Sorry Günther W. Albrecht, I checked but it seems that in a unlimited license environment these files do not exist.

Thanks https://community.checkpoint.com/people/917b8439-9d5c-34f0-b86a-f0e1b0a14cbd  we were able to use this and find the number, now I just need to make sure we collect all the correct information, to make sure that when a logfile crosses the 2GB limit, we collect all information of each day.

But we are on the right path.

I'm glad I could be of help.

This is what we ended up doing:

cd $FWDIR/log
fwm logexport -np -i log/2019-01-17_000000.log -o 2019-01-17_000000.exp
cat 2019-01-16_000000.exp | grep accept | cut -d ';' -f20 | sort | uniq | grep '^10.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}$' > ip-list

wc -l ip-list > count

Thanks for posting the final solution.

Valid under the assumption that all firewall rules are logged.

Polished it a bit and put it in a bash script with the added point that you can add the logfile name on the command line:

LF=$1
   if [ "$LF" == "" ]; then
   LF="fw.log"
fi
fwm logexport -np -i $LF | grep accept | cut -d ';' -f20 | sort | uniq | grep '^10.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}$' > IP-list
wc -l IP-list > count
echo
echo
echo "For logfile $LF the number of unique IPs is:"
cat count

This seems appropriate as all these files are used for is User IP counting for checking the license limits. Unlimited licenses do not need that, of course, but you did not mention that in your initial post at all...

I thought that user based licenses were a thing of the past since the blade licenses? It's a long time ago that I have seen licenses with a user limit, where it also was enforced.

No, we still have user based licenses (e.g. EPS clients) and seat based licenses (e.g. MAB, only the number of concurrent users is limited). Also see Remote Access Users license + count.