Security Basics mailing list archives
Re: Checkpoint Fw1 syslog logging. Any solution ?
From: Tom Van de Wiele <tom.vandewiele () gmail com>
Date: Fri, 23 Sep 2005 00:40:37 +0200
If you don't need the logs in realtime you could configure a scheduled task to do a "fwm logexport" to export the logs of the day to ASCII, and then feed those to a syslog server using some scripting. It depends what you want to do with the logging I suppose. A long shot and only helpful if you don't have a lot of logs being generated and/or don't want to write your own OPSEC product.

If you need the logs in semi-realtime fashion, you could make a script (Perl to the rescue?) that opens a filehandle where the filehandle would be "fwm log -f" and redirect this input to another filehandle for writing to a syslog entry. This will not work if you have a lot of logs being generated. FW-1 will output what it can considering the amount of packets to log and the latency of outputting this to ASCII and will skip certain entries if it can't keep up.

Check Point is working on an application for log correlation and incident response but it's far from done. It's called Eventia and I'm sure they'll have a syslog option somewhere. But as Check Point is playing the catch-up game of everything but their core firewall business and maybe their "Integrity" product, you might want to wait a little while before actually implementing this. And if the only thing you need is syslog then this might be just a slight case of overkill :)

Good luck

Tom

On 22 Sep 2005 13:50:58 -0000, contrera () eig unige ch <contrera () eig unige ch> wrote:
Hi,

I need to redirect my checkpoint firewall logs to a syslog server. I've found the following URL that describes a trick for being able to redirect the fw1 log to syslog, but it works only on Linux: http://wyae.de/docs/fw1syslog.php

My checkpoint host is on Windows so I can't use this. Does anyone know a solution for a Windows host?

Thanks a lot
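
The semi-realtime approach described in the message above, as an added example that is not part of the original post: it reads a log command's output line by line and relays each line as an RFC 3164 syslog datagram over UDP. The facility (local4), the tag `fw1`, port 514 and the command-line layout are assumptions; the log command itself (the post names "fwm log -f") is passed in as arguments.

```python
import socket
import subprocess
import sys
import time

FACILITY_LOCAL4 = 20  # assumption: facility used for the firewall records
SEVERITY_INFO = 6
MAX_PACKET = 1024     # RFC 3164 limits a syslog packet to 1024 bytes


def format_rfc3164(line, host, tag="fw1", now=None):
    """Build one BSD-syslog (RFC 3164) datagram for a single log line."""
    pri = FACILITY_LOCAL4 * 8 + SEVERITY_INFO
    t = time.localtime(now)
    # Timestamp is "Mmm dd hh:mm:ss" with the day padded by a space
    stamp = "%s %2d %s" % (time.strftime("%b", t), t.tm_mday,
                           time.strftime("%H:%M:%S", t))
    # Replace control characters so one log line cannot carry a second record
    clean = "".join(c if c.isprintable() else " " for c in line.rstrip("\r\n"))
    msg = "<%d>%s %s %s: %s" % (pri, stamp, host, tag, clean)
    return msg.encode("utf-8", "replace")[:MAX_PACKET]


def forward(lines, sock, dest, host):
    """Send every non-empty line to dest and return how many were sent."""
    sent = 0
    for line in lines:
        if line.strip():
            sock.sendto(format_rfc3164(line, host), dest)
            sent += 1
    return sent


def main(argv):
    if len(argv) < 4 or argv[2] != "--":
        print("usage: %s SYSLOG_HOST -- COMMAND [ARGS...]" % argv[0],
              file=sys.stderr)
        return 2
    # Line-buffered pipe: each record is relayed as soon as it is written
    proc = subprocess.Popen(argv[3:], stdout=subprocess.PIPE, text=True,
                            errors="replace", bufsize=1)
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    count = forward(proc.stdout, sock, (argv[1], 514), socket.gethostname())
    print("forwarded %d lines" % count, file=sys.stderr)
    return proc.wait()


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

UDP syslog is unacknowledged, so datagrams dropped on the network add to any entries the firewall itself skips under load, as the message warns.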