Check Point Firewall - fwlog, audit log, messages
- Published: 27 Aug 2024
- In this video we check out the three different log files:
  - fwlog together with SmartView
  - audit log
  - /var/log/messages
Affiliate links
Computer.
AMD Ryzen 7 3700X 8-Core, 16-Thread - amzn.to/2QGX1k1
Corsair Vengeance LPX 32GB (2X16GB) DDR4 3200 - amzn.to/3svzzEu
ASUS ROG Strix B550-F - amzn.to/31rYRri
1TB NVMe SSD - amzn.to/2O2Jl1W
8TB WD RED - amzn.to/3cqkyOG
Dell U3419W - amzn.to/2PEGk8f
Dell P2421 - amzn.to/3w5nJDd
Logitech MX3 - amzn.to/39ovLxn
Logitech MX Keys - amzn.to/2Pht0a5
YouTube Gear.
Sony AX43 - amzn.to/2Pz1THB
Rode NT-USB with Rode PSA-1 - amzn.to/3u1o1sZ
Elgato Green screen - amzn.to/3dhaoz9
Elgato Stream Deck - amzn.to/2PC9wgo
Elgato Camlink 4K - amzn.to/3sqWiBw
Elgato KeyLight - amzn.to/2NYD6Mr
Samsung T5 500G - amzn.to/3rvFqrW
This video is gold for those who work with Checkpoint, regards bro... And excellent video
I have never seen such easily readable logs in the CLI :D, that red marking, amazing!
Hehe, the color markings are from a plug-in to SecureCRT and it makes it so much easier to see things.
@MagnusHolmberg-NetSec I can't stop looking at it :D:D Going through your videos, great content. Keep it coming ;)
Enjoy the series and I hope it will be helpful :)
Thanks for watching and commenting
Well done mate! Short and bang on target
Thanks Rizwan :)
So what is next on the list? Soon we will have covered all the CCSA content.
you've done a wonderful job
Hi Magnus,
Is it possible to see bytes sent/received in the log from SmartConsole log monitoring/SmartView?
How to export all logs from this? All means older, newer, all.
If you want to read all the logs in /var/log/messages, use less, so `less /var/log/messages`.
If you want to filter the logs in /var/log/messages, use grep like this: `grep 'down' /var/log/messages`.
Check point is a lot easier if you know Linux :D
Hi Magnus, thanks for the detailed explanation... Can you also add the steps to delete all log files if the memory gets full?
You're welcome, alright, I will make something about that.
Here I was thinking more like a cronjob so you could gzip the logs and ship them away instead of just deleting logs.
Because if you just want to delete logs, this will be done automatically by Check Point when the disk is full.
Hi @magnus
We have a Checkpoint firewall and as per compliance we require 3 years of logs online and 8 years archival.
Request your suggestion for log management as per the above policy (except a SIEM kind of solution).
If the SMS mgmt has 500GB storage and 100GB of logs per day.
Looking for a solution where we can copy the log files from the /var/log location and save them to SFTP.
How can we automate this, and how can we generate one file per day with the date, so that automation can be built to send the log files from /var/log to some SFTP server per day, and the SFTP can be backed up somewhere?
Set up a dedicated log server with like 2-3TB of disks because you want to be able to search logs for a few days easily within the Checkpoint environment.
Set the box to create logfiles each day; they will be max 4GB anyway, so you will have multiple files per day.
Create a script that checks the folder for files with a specific ending and the age of the files. Gzip the logs that are older than X days so they take 10% of the space. Have them scp'd to a normal Linux server running scp. Run validation on the md5 hash to make sure they are correct. Once transferred, delete the files on the original box.
Restart the log process from time to time to clear the index.
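The archive-and-ship cronjob described in the reply above, written out as an added example (it is not a script from the video or from Check Point). It assumes the rotated logs are plain files ending in .log in one directory, that gzip and md5sum are available (both are on a normal Linux box), and it uses a local destination directory to stand in for the remote server so it runs offline; the cp line is where scp to the log server would go in production. Only files whose verified copy matches the local md5 are deleted, so a failed transfer keeps its source.

```shell
#!/bin/sh
# Added example, not from the video: compress, ship, verify and delete aged logs.
# Usage: archive_logs <log_dir> <dest_dir> <max_age_days>
# Assumptions: logs end in .log, dest_dir stands in for the remote archive
# (replace the cp with scp in production), md5sum and gzip are installed.

archive_logs() {
    log_dir=$1
    dest=$2
    max_age_days=$3
    shipped=0

    for f in "$log_dir"/*.log; do
        [ -f "$f" ] || continue

        # Only handle files modified more than max_age_days ago;
        # find prints nothing for newer files, so they are skipped.
        [ -n "$(find "$f" -mtime "+$max_age_days" -print)" ] || continue

        # gzip replaces fw.log with fw.log.gz in place.
        gzip -f "$f"
        gz="$f.gz"
        name=$(basename "$gz")

        # Hash before shipping so the remote copy can be validated.
        local_sum=$(md5sum "$gz" | cut -d' ' -f1)

        # Ship the archive. PRODUCTION: scp "$gz" backup@logserver:/archive/
        cp "$gz" "$dest/$name"

        # Validate the shipped copy against the local md5.
        # PRODUCTION: ssh backup@logserver md5sum "/archive/$name"
        remote_sum=$(md5sum "$dest/$name" | cut -d' ' -f1)

        if [ "$local_sum" = "$remote_sum" ]; then
            # Verified copy exists on the archive, free the space on the box.
            rm -f "$gz"
            shipped=$((shipped + 1))
        else
            echo "md5 mismatch for $name, keeping local copy" >&2
        fi
    done

    # Number of files successfully shipped and removed locally.
    echo "$shipped"
}

# Run directly from cron as: archive_logs.sh /var/log/archive /mnt/shipped 2
if [ "$#" -eq 3 ]; then
    archive_logs "$1" "$2" "$3"
fi
```

Schedule it once a day from cron with an age of two or three days so the newest logs stay uncompressed and searchable on the box; the verification step is what makes the delete safe, since a truncated transfer produces a different md5 and the source is kept for the next run.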
I am getting the error "credentials are needed for a secondary tunnel connection" while connecting to the VPN using Endpoint Security.
How to check the audit log through the CLI?
Hi Magnus, need help regarding Log Exporter for SIEM applications.
I have never fixed that myself actually, so I would check the following SK.
supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk122323
They do have good guides on the large vendors :)
Hi Magnus, after deploying the Checkpoint management server for the 1st time and integrating it with the gateway, I'm not able to see any logs in it. Can you please suggest and help here...
Hi, if your SIC status and all of that is ok, it should show up in the mgmt server.
Btw, don't forget to push the policy / install database on log/mgmt servers.
Logs use specific ports to the mgmt server BUT they are permitted by default in the rulebase. If you are passing other firewalls you may need to check them so all needed ports are actually open between the gw and the firewall.
Hi Magnus, can you make a video about fw fetch?
Hi, you mean like how to fetch the policy from CLI instead of installing policy from the GUI?
@MagnusHolmberg-NetSec yes exactly.
My Checkpoint saves only 16 days of data.
Can you suggest where I can make the change to store the logs for 2 months?
Per default Check Point will save logs until the disk on the box is full, but it will only keep the INDEX for 15 days, meaning what you can easily search within SmartLog.
Is it within the CLI that you are unable to see the logs, or within SmartLog?
How to see old logs in Checkpoint?
If you mean in SmartConsole, the number of days you can see there depends on your index. I think the standard is 14 days.
For logs older than the index, check out sk111766.
@MagnusHolmberg-NetSec Thank you very much