One-liner: How to convert CheckPoint firewall logs

To make the log format predictable, create /etc/fw/conf/logexport.ini with the following

For R70 (Secuplat):

[Fields_Info]
included_fields=num,date,time,src,dst,proto,service,action,xlatesrc,xlatedst,peer gateway,<REST_OF_FIELDS>

For R77 (GAIA):

[Fields_Info]
included_fields=date,time,src,dst,proto,service,action,xlatesrc,xlatedst,peer gateway,<REST_OF_FIELDS>

Create a directory for the converted logs:

mkdir /var/log/2019.txt

Run the following command to convert all logs, for example, for January 2019:

 
for i in $FWDIR/log/2019-01-*.log; do echo $i; fwm logexport -n -p -i $i |  gzip -c - > /var/log/2019.txt/$i.txt.gz; done

Related posts:

  1. One-liner: How to scan a network for up & down hosts and show OUI info This is another version of the ping sweep one-liner script. To show...
  2. Quick MyBB MySQL fix Quick SQL fix to address the following issues for some MyBB users:...
  3. Aikido ukemi – how it should be done You must be able to make a safety fall on concrete:...
  4. No external images in Evolution If you see no images in HTML-mail in evolution, add the following...
  5. One-liner: how to check temperature differences The idea of this not-quite-one-liner is to periodically check the DIMM temperatures...

Leave a Reply

Your email address will not be published. Required fields are marked *