LevelBlue Completes Acquisition of Cybereason.  Learn More

LevelBlue Completes Acquisition of Cybereason.  Learn More

Services
Cyber Advisory
Managed Cloud Security
Data Security
Managed Detection & Response
Email Security
Managed Network Infrastructure Security
Exposure Management
Security Operations Platforms
Incident Readiness & Response
SpiderLabs Threat Intelligence
View All Services
Solutions
BY INDUSTRY
BY REGULATION
BY TOPIC
Offensive Security
Solutions to maximize your security ROI
Operational Technology
End-to-end OT security
Microsoft Security
Unlock the full power of Microsoft Security
Securing the IoT Landscape
Test, monitor and secure network objects
Why LevelBlue
About Us
We reduce cyber risk and fortify organizations
Awards and Accolades
Recognition by analysts and media outlets
LevelBlue SpiderLabs
Global researchers, ethical hackers, and responders
LevelBlue Security Operations Platforms
Unprecedented security visibility and control
Security Colony
Access to cybersecurity threat protection resources
Partners
Microsoft Security
Unlock the full power of Microsoft Security
Technology Alliance Partners
Key alliances who align and support our ecosystem of security offerings
Register
Login
Resources
BLOGS
UPCOMING
MEDIA & ASSETS
NOTICES
HELP
Loading...
Loading...

LevelBlue Knowledge Base

Home » Knowledgebase » Legacy Products » Security Reporting Center » INFO: Why do I get strange results when I try to open my...

INFO: Why do I get strange results when I try to open my Checkpoint log files?

Expand / Collapse
Show/Hide Article Tools


This article applies to:

  • Firewall Suite 4.1x
  • Security Reporting Center 2.1x

Question:

  • Why do I get strange results when I try to open my Checkpoint log files?
  • How do I export Check Point log files into an ASCII text file?

Causes:

This issue is a result of exporting the log files from the GUI. The log files need to be exported via the command line.

Information:

Exporting Check Point Logs

Check Point stores log files in a proprietary binary format that is not directly accessible. In order to analyze these files and create reports, you must export them to an ASCII text file using the log export utility supplied by Check Point.

Check Point maintains two types of log files: fw.log and fw.alog.

  • The fw.log file contains all the information required for reports, except for bandwidth data. 
  • The fw.alog file contains bandwidth data.

When you create the Check Point security policy, set the tracking option to create .log files, or to create both .log and .alog files.

Note: Always use the command line to export Check Point log files. Security Reporting Center cannot parse data that has been exported using the Check Point user interface.

To export Check Point log files:

  1. On the computer where the firewall is installed, open a command prompt.
  2. Switch to the folder where the fw.exe file is located.
    • For version 4.0: \winnt\fw\bin

    • For version 4.1: \winnt\fw1\4.1\bin

  3. Export the log files:
    • To export the fw.log file, type:
      fw logexport -d ; -i fw.log -o log_path\fw.log

    • To export the fw.alog file, type:
      fw logexport -d ; -i fw.alog -o log_path\fw.alog

Make sure that Security Reporting Center can access the log files. Either map a drive to the firewall from the computer running Security Reporting Center, or copy the log files to another computer accessible to Security Reporting Center.

This article was previously published as:
NETIQKB40349

To contact LevelBlue about this article or to request support:

Rate this Article:
     
Tags:

Add Your Comments


Comment submission is disabled for anonymous users.
Please send feedback to Trustwave Technical Support or the Webmaster.


Execution: 0.062. 8 queries. Compression Disabled.
Powered by InstantKB.NET