Security Basics mailing list archives

Re: Checkpoint Fw1 syslog logging. Any solution ?


From: Tom Van de Wiele <tom.vandewiele () gmail com>
Date: Fri, 23 Sep 2005 00:40:37 +0200

If you don't need the logs in realtime you could configure a scheduled
task to do a "fwm logexport" to export the logs of the day to ASCII,
and then feed those to a syslog server using some scripting.  It
depends on what you want to do with the logging, I suppose.

A long shot, and only helpful if you don't have a lot of logs being
generated and/or don't want to write your own OPSEC product.  If you
need the logs in semi-realtime fashion, you could make a script (perl
to the rescue?) that opens a filehandle where the filehandle would be
"fwm log -f" and redirect this input to another filehandle for writing
to a syslog entry.  This will not work if you have a lot of logs being
generated.  FW-1 will output what it can considering the amount of
packets to log and the latency of outputting this to ASCII and will
skip certain entries if it can't keep up.

Check Point is working on an application for log correlation and
incident response but it's far from done. It's called Eventia and I'm
sure they'll have a syslog option somewhere.  But as Check Point is
playing the catch-up game with everything but their core firewall
business and maybe their "Integrity" product, you might want to wait a
little while before actually implementing this. And if the only thing
you need is syslog then this might be just a slight case of overkill
:)

Good luck

Tom



On 22 Sep 2005 13:50:58 -0000, contrera () eig unige ch
<contrera () eig unige ch> wrote:
Hi,

I need to redirect my checkpoint firewall logs to a syslog server.

I've found the following URL that describes a trick for being able to redirect the fw1 log to syslog, but it works
only on Linux : http://wyae.de/docs/fw1syslog.php

My checkpoint host is on Windows so I can't use this.
Does someone know a solution for a Windows host ?

Thanks a lot


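Added example (not code from this thread, Check Point, or the wyae.de page): a small Python forwarder in the spirit of Tom's "open a filehandle on fwm log -f and write syslog entries" suggestion. It runs on Windows as well as Linux because it never touches /dev/log; it frames each entry as an RFC 3164 UDP datagram itself. Assumptions, labelled in the code: the producer command defaults to `fwm log -f` but is passed on the command line, and the entries are taken to be semicolon-delimited with a header row (the constructed sample below has that shape; the real `fwm logexport` / `fwm log` column layout must be checked on your own management host). Because Tom notes that FW-1 will skip entries when it cannot keep up, the script also watches the `num` field for gaps, so the syslog side can at least see that entries went missing.

```python
"""Tail a Check Point log producer and forward entries as RFC 3164 UDP syslog.

Added example for the Security Basics thread; not Check Point's own code.
Assumed (not taken from the thread): one entry per line, semicolon-delimited,
first line is a header row, and a 'num' column that counts up by one.
"""
import socket
import subprocess
import sys
import time

FACILITY_LOCAL4 = 20      # arbitrary choice; any local facility works
SEVERITY_WARNING = 4
SEVERITY_INFO = 6
SYSLOG_MAX_BYTES = 1024   # RFC 3164 packet limit

# Constructed sample in the assumed export shape (note the missing num 3).
SAMPLE_EXPORT = [
    "num;date;time;orig;action;src;dst;proto;service",
    "1;23Sep2005;00:40:37;fw1;accept;10.0.0.5;192.0.2.10;tcp;http",
    "2;23Sep2005;00:40:38;fw1;drop;10.0.0.7;192.0.2.10;tcp;telnet",
    "4;23Sep2005;00:40:39;fw1;accept;10.0.0.5;192.0.2.20;udp;dns",
]


def parse_row(header, row):
    """Map one delimited row onto the header; None if the column count differs
    (a partial line from a tail should be skipped, not crash the forwarder)."""
    fields = row.rstrip("\r\n").split(";")
    if len(fields) != len(header):
        return None
    return dict(zip(header, fields))


def parse_export(lines):
    """Header + rows -> list of record dicts, dropping blank and malformed rows."""
    lines = [l for l in lines if l.strip()]
    if not lines:
        return []
    header = lines[0].rstrip("\r\n").split(";")
    recs = [parse_row(header, row) for row in lines[1:]]
    return [r for r in recs if r is not None]


def severity_for(record):
    """Drops and rejects are the entries an operator wants to notice first."""
    return SEVERITY_WARNING if record.get("action") in ("drop", "reject") else SEVERITY_INFO


def format_message(record):
    """Flatten to key=value pairs so the receiving side can parse them again."""
    return " ".join("%s=%s" % (k, v) for k, v in record.items() if k != "num")


def find_gaps(records):
    """(expected, got) pairs wherever 'num' skips; the firewall itself drops
    entries under load, so a gap here means the log was lost before we saw it."""
    gaps, prev = [], None
    for r in records:
        try:
            n = int(r["num"])
        except (KeyError, ValueError):
            continue
        if prev is not None and n != prev + 1:
            gaps.append((prev + 1, n))
        prev = n
    return gaps


def build_syslog_packet(facility, severity, hostname, tag, msg, timestamp=None):
    """RFC 3164 framing: <PRI>TIMESTAMP HOSTNAME TAG: MSG, PRI = facility*8+severity."""
    if timestamp is None:
        t = time.localtime()   # built by hand: strftime %e is not available on Windows
        timestamp = "%s %2d %02d:%02d:%02d" % (time.strftime("%b", t), t.tm_mday,
                                               t.tm_hour, t.tm_min, t.tm_sec)
    pkt = "<%d>%s %s %s: %s" % (facility * 8 + severity, timestamp, hostname, tag, msg)
    return pkt.encode("ascii", "replace")[:SYSLOG_MAX_BYTES]


def forward_lines(lines, server, port=514, hostname="fw1", tag="fw1", sock=None):
    """Send one datagram per parsed entry plus one WARNING per sequence gap.
    Returns the number of datagrams sent."""
    sock = sock or socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    recs = parse_export(lines)
    sent = 0
    for rec in recs:
        pkt = build_syslog_packet(FACILITY_LOCAL4, severity_for(rec), hostname, tag,
                                  format_message(rec))
        sock.sendto(pkt, (server, port))
        sent += 1
    for expected, got in find_gaps(recs):
        msg = "log gap: expected num %d, got %d (entries lost at source)" % (expected, got)
        sock.sendto(build_syslog_packet(FACILITY_LOCAL4, SEVERITY_WARNING, hostname, tag, msg),
                    (server, port))
        sent += 1
    return sent


def main(argv):
    # usage: fw1syslog.py <syslog-server> [producer command ...]
    # the default producer is the assumed "fwm log -f" from the thread
    server = argv[1]
    cmd = argv[2:] or ["fwm", "log", "-f"]
    proc = subprocess.Popen(cmd, stdout=subprocess.PIPE, universal_newlines=True)
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    header = None
    for line in proc.stdout:          # blocks on the pipe like Perl's <FH>
        if header is None:
            header = line.rstrip("\r\n").split(";")
            continue
        forward_lines([";".join(header), line], server, sock=sock)


if __name__ == "__main__":
    main(sys.argv)
```

Two caveats worth keeping in mind: UDP syslog itself is lossy, so the gap check only tells you about entries the firewall never produced, not about datagrams dropped on the wire, and the per-line call in `main` re-parses the header for every entry; on a busy gateway batch the lines before calling `forward_lines`, which is also where Tom's "this will not work if you have a lot of logs" warning applies.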
