Checkpoint Log management 3

[jlmk]

Hi. I have 2 Nokia Checkpoint and 1 Console. The console is running on WinNT for centralized admin and log analysis. But I have a big problem in logging issue. Since the log size is too large and slow down the searching. Is there any command or method that helps to periodically export and purge the log. Someone told me that I can schedule a command "C:\FW1\4.1\bin\fw logswitch" to purge the log. But how about the log backup. Please advise. Thanks.

 

[red7]

I found that when I deleted the DNS IP addresses from the Nokia Box in Voyager, it drastically increased the performance of the log viewer.

 

[SwA]

Hi JLMK,you are right about the "fw logswitch" command.You can schedule it on Win NT using the "at" command.What the logswitch command does is save your current log and create a new one, so no logging is lost if you schedule a "fw logswitch" command e.g. daily.You can always open previous logfiles by using the "open" command in the Log Viewer.If you want to,you can backup the old logfiles (which are named sth like ....%dateoflogswitch%.log) to tape or cd or whatever and delete these files to save diskspace on your logging server.

 

[Milla]

Is there a CLI command to export? In other words, has anyone had any luck in using at (or cron, I suppose) to schedule "export". If I could export, then switch, that would be great!
TIA
m

 

[ststokes]

Yes, you can. I have the following in a batch file that is scheduled to run every night at midnight. It dumps the logs to a file with the date attached and creates the new logs.


for /F "tokens=1-4 delims=/ " %%i in ('date /t') do (
set DayOfWeek=%%i
set Month=%%j
set Day=%%k
set Year=%%l
set Date=%%i %%j/%%k/%%l
)
set CurrentDate=%Month%-%Day%-%Year%
c:
cd \winnt\fw1\4.1\bin
fw logswitch %CurrentDate%
fw logexport -i %CurrentDate%.log -o E:\logfiles\fwlogs%CurrentDate%.log
fw logexport -i %CurrentDate%.alog -o E:\logfiles\fwlogs%CurrentDate%.alog