One-liner: How to convert CheckPoint firewall logs

To make the log format predictable, create /etc/fw/conf/logexport.ini with the following

For R70 (Secuplat):

included_fields=num,date,time,src,dst,proto,service,action,xlatesrc,xlatedst,peer gateway,<REST_OF_FIELDS>  

For R77 (GAIA):

included_fields=date,time,src,dst,proto,service,action,xlatesrc,xlatedst,peer gateway,<REST_OF_FIELDS>

Create a directory for the converted logs:

mkdir /var/log/2019.txt

Run the following command to convert all logs, for example, for January 2019:

for i in $FWDIR/log/2019-01-*.log; do echo $i; fwm logexport -n -p -i $i |  gzip -c - > /var/log/2019.txt/$i.txt.gz; done

Leave a Reply

Your email address will not be published. Required fields are marked *