View exported FW logs? 2

[achilleus]

Thanks in advance for any help you can offer...

Is there any software that I can use on my workstation to view the exported FW logs? I tried opening one and it was full of boxes and other characters. I want to be able to review old logs at my workstation and not have to use the FW machine itself.


AJ
SA
HS

 

[ststokes]

Are you sure that you are looking at EXPORTED logs and not the actual .log or .alog files? The reason I ask is because I have never had this issue when I have exported the logs. They are plain text then. They are also stored as test when you use FWLOGSWITCH.



Scott

 

[Yardyy]

there are a cople of ways of getting FW to export the files in text format, i have a couple of lines of script that i use to do this. i can email them to you if you wish or display them here.

get back to you on monday..

 

[achilleus]

Thanks so much for the replys.

The logs are from using the "Log swtich" option in the Log Viewer. Some of them do appear as text files; but they are not readable.

Would be great if you could post the scripts you have Yardyy.

Thanks again!

AJ
SA
HS

 

[ststokes]

Here is the script that I always used before. It switches the log daily and creates daily backups of the files.

for /F "tokens=1-4 delims=/ " %%i in ('date /t') do (
set DayOfWeek=%%i
set Month=%%j
set Day=%%k
set Year=%%l
set Date=%%i %%j/%%k/%%l
)
set CurrentDate=%Month%-%Day%-%Year%
c:
cd \winnt\fw1\4.1\bin
fw logswitch %CurrentDate%
fw logexport -i %CurrentDate%.log -o E:\logfiles\fwlogs%CurrentDate%.log
fw logexport -i %CurrentDate%.alog -o E:\logfiles\fwlogs%CurrentDate%.alog

Scott

 

[Yardyy]

If you use a NOKIA box that uses Ipso then you can use the procedure below. You have to get onto the NOKIA box via telnet and then do the following

cd $FWDIR
cd log
/opt/CPfw1-50-02/bin/fwm logexport -i /var/opt/CPfw1-50-02/log/"name of log file.log" -n -o "the exported file.txt"

eg.
/opt/CPfw1-50-02/bin/fwm logexport -i /var/opt/CPfw1-50-02/log/2003-04-16_150155_3.log -n -o 2003-04-16_150155_3.txt

you may need to look at your directory structure it may be different from what i have.

once that is done, you will have created a .txt file that you can then by FTP transfer the file to another computer and then analyse as required.

if is still not clear, i will try to help you all i can..

 

[Yardyy]

I just found the article that i used, it is from netiq.com either search for ID Number 5691 or click on this

http://www.netiq.com/kb/esupport/co...1&searchtype=normal&searchclass=&bnewsession=

How do I export Check Point FW-1 log files?

Article ID: NETIQKB5691 First Published: June 5, 2002
Last Reviewed: December 3, 2002

Affected Environments
Security Reporting Center WebTrends Firewall Reporting Center
WebTrends Firewall Suite




Solution
To export Check Point FW-1 log files, follow these steps.


From the machine on which the firewall is installed, access a command prompt.

Change to the directory where the fw.exe file is located.

Enter the following text to export the fw.log log files.
fw logexport -d ; -i fw.log -o[log_path]\fw.log


Enter the following text to export the fw.alog log files.
fwlogexport -d ; i fw.alog -o [log_path]\fw.alog




Note: If the firewall is running on Solaris, you do not need to put in the command -d ; as it is already configured to do this.



_____

Hope that helps

 

[wanyph]

hi,


can you tell me how to make a detailed logfile where i
can see more information?

i want to make a report where i can see the top-users (internet surfers) (bandwitdh)


mewi