How To Export Check Point Log Files

Symptoms:

You need the log files produced by Check Point security products (e.g. $FWDIR/log/fw.log) in a readable, transferable (i.e. smaller) format.

Problem:

How do I export Check Point log files?

Solution:

To export Check Point FW-1 log files, follow these steps.

GUI:

1. Open SmartView Tracker

2. Open the relevant .log file via “File” menu > “Open…” (fw.log is the active, default file but, depending on the log switch configuration, it may not contain records for the days on which the issue occurred)

3. Apply any filters you want to use (without them, log exports can easily be far larger than 100 MB). Filter both source and destination so that only the server and the problematic client IPs are included.

4. Go to “File” menu > “Export…”

5. Save the .txt file

Note: Upon receiving the exported logs, you can open them in Excel. Go to File > Open…, locate the .txt file (change the file type from spreadsheet to all or text to find it) and open it. In the “Text Import Wizard” (which launches automatically), select “Delimited”, then click Next. For the delimiters, select “Space” (ensure “Treat consecutive delimiters as one” is selected and that the text qualifier is the double-quotation mark). Click Finish.

CLI:

Run the following command:

fwm logexport

Description: fwm logexport exports the log file to an ASCII file.

Usage: fwm logexport [-d delimiter] [-i filename] [-o outputfile] [-n] [-p] [-f] [-m <initial | semi | raw>] [-a]

For more information, refer to the CLI reference guide. Latest as of this edit: http://dl3.checkpoint.com/paid/23/CP_R75_CLI_ReferenceGuide.pdf?HashKey=1343944110_5e2d00183f6e22924897e4a733cad1b3&xtn=.pdf
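The GUI steps recommend filtering on source and destination to keep the export small; the same reduction can be applied to a text export that already exists. The following is an added example, not part of the original article or of Check Point's tooling. It assumes an export written with a ";" delimiter whose first row is a header containing columns named src and dst; the sample rows and function names are constructed for illustration, so check the header of your own export.

```python
import csv
import io

# Constructed sample of a ';'-delimited export (not real log data).
# Column names are an assumption; check the header row of your own export.
SAMPLE_EXPORT = '''num;date;time;action;src;dst;service;info
1;2Aug2012;10:00:01;accept;192.0.2.10;198.51.100.5;443;""
2;2Aug2012;10:00:02;drop;192.0.2.99;198.51.100.5;22;"scan; repeated"
3;2Aug2012;10:00:03;accept;198.51.100.5;192.0.2.10;443;""
4;2Aug2012;10:00:04;accept;192.0.2.10;203.0.113.7;80;""
'''


def filter_export(lines, server_ip, client_ip, delimiter=";",
                  src_col="src", dst_col="dst"):
    """Return (header, rows) with only traffic between the two hosts, both directions."""
    # quotechar keeps a quoted field that contains the delimiter in one column
    reader = csv.reader(lines, delimiter=delimiter, quotechar='"')
    header = next(reader, None)
    if header is None:
        raise ValueError("export is empty")
    try:
        src_i, dst_i = header.index(src_col), header.index(dst_col)
    except ValueError:
        raise ValueError(f"{src_col!r}/{dst_col!r} not in header: {header}")
    pair = {server_ip, client_ip}
    kept = []
    for row in reader:
        if len(row) <= max(src_i, dst_i):
            continue  # short or truncated record: skip rather than crash
        if {row[src_i], row[dst_i]} == pair:
            kept.append(row)
    return header, kept


def write_export(header, rows, delimiter=";"):
    """Serialise the filtered rows back to delimited text."""
    out = io.StringIO()
    writer = csv.writer(out, delimiter=delimiter, lineterminator="\n")
    writer.writerow(header)
    writer.writerows(rows)
    return out.getvalue()


if __name__ == "__main__":
    hdr, rows = filter_export(io.StringIO(SAMPLE_EXPORT), "198.51.100.5", "192.0.2.10")
    print(write_export(hdr, rows), end="")
```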

Deprecated (3.0 and NG stuff):

1. From the machine on which the firewall is installed, access a command prompt.

2. Change to the directory where the fw.exe file is located.

3. Enter the following text to export the fw.log log files.

fw logexport -d ; -i fw.log -o [log_path]\fw.log

4. Enter the following text to export the fw.alog log files.

fw logexport -d ; -i fw.alog -o [log_path]\fw.alog

To export Check Point NG log files, follow these steps:

1. On the computer where the firewall is installed, open a command prompt.

2. Switch to the \winnt\fw1\NG\bin directory where the fw.exe file is located.

3. Export the log files using the following command:

fwm logexport -i <input file> -o <output file>

(Note: Replace <input file> and <output file> with the actual file names.)

Note: If you do not specify an input file, Check Point exports the current log.
