Hot Downloads

Welcome, Guest
Username: Password: Remember me

TOPIC: checkpoint firewall log file issue

checkpoint firewall log file issue 10 years 10 months ago #11436

  • allan
  • allan's Avatar
  • Offline
  • New Member
  • Posts: 5
  • Karma: 0
A client calls me to check firewall logs to verify that his traffic is passing through a CheckPoint firewall. The firewall is CheckPoint NG FP3 running on solaris. The Management server is down because the unix team is applying patches to the management server. How do I check the logs on the firewall?
The administrator has disabled public write access.

Checkpoint logs 10 years 10 months ago #11454

  • TheBishop
  • TheBishop's Avatar
  • Offline
  • Moderator
  • Posts: 1719
  • Thank you received: 8
  • Karma: 5
The logs are held in a /log subdirectory beneath your main firewall directory, but I don't think you can just read them. I've only been on the basic FW1 admin course, but the instructor mentioned that there are a ton of command-line utilities that you can use directly on the enforcement module and I'm sure I remember reading the logs being mentioned. A trawl of the manuals might turn up what you need. Alternatively, could you copy the file out and read it using a different management console?
The administrator has disabled public write access.

Re: checkpoint firewall log file issue 10 years 10 months ago #11461

  • allan
  • allan's Avatar
  • Offline
  • New Member
  • Posts: 5
  • Karma: 0
thanks a lot, BTW, I'm some of confusion that the following commands
cpstart, cpstop, fwstart, fwstop, fw fetch, fwm load, fwm unload

which commands are working on the enforcement module (checkpoit) and which are working on the smartcenter server (console)?
The administrator has disabled public write access.

Commands 10 years 10 months ago #11488

  • TheBishop
  • TheBishop's Avatar
  • Offline
  • Moderator
  • Posts: 1719
  • Thank you received: 8
  • Karma: 5
I've sent you some notes on the command line commands in a PM
The administrator has disabled public write access.

Re: checkpoint firewall log file issue 10 years 10 months ago #11633

  • tiamat
  • tiamat's Avatar
  • Offline
  • Distinguished Member
  • Posts: 102
  • Karma: 0
'fw log -f' will log to the screen. You may also want to add '-n' to not resolve names. Ctrl-C to break out of it.

as for the commands you listed, most of them will work on both enforcement module and smartcenter, with the exception of the 'fwm' commands (the 'm' for management). If you try to run an 'fwm' command on an enforcement module, it will tell you that it's not a mangement server, and just error out.
The administrator has disabled public write access.
Time to create page: 0.083 seconds

CCENT/CCNA

Cisco Routers

  • SSL WebVPN
  • Securing Routers
  • Policy Based Routing
  • Router on-a-Stick

VPN Security

  • Understand DMVPN
  • GRE/IPSec Configuration
  • Site-to-Site IPSec VPN
  • IPSec Modes

Cisco Help

  • VPN Client Windows 8
  • VPN Client Windows 7
  • CCP Display Problem
  • Cisco Support App.

Windows 2012

  • New Features
  • Licensing
  • Hyper-V / VDI
  • Install Hyper-V

Linux

  • File Permissions
  • Webmin
  • Groups - Users
  • Samba Setup