merging multiple logs with a software

pop_alex · #1 (**permalink**) 2006-06-02

Hi,

Is there a software or tool which can merges a multiple log files into one? I have around hundreds of logs (with 5MB each) and wants it to merge into one.

Thanks very much.

Regards,

Al

kva.kva · #2 (**permalink**) 2006-06-03

https://secureknowledge.checkpoint.c....do?id=sk10444

fw mergefiles [-s] [-t time_conversion_file] filename_1.log [... filename_x.log] output_file
SYNTAX OPTIONS:
-s sort merged file by log records time field
-t time_conversion_file different GMT zone log records time in the event that the log files originated from log servers in different time zones. The time_conversion_file format is: IP address signed_date_time_in_seconds.

pop_alex · #3 (**permalink**) 2006-06-03

Thanks. I think I have to create a scripts to do the job based on the merging tool from Check Point.

Regards,

Al

don_veto · #4 (**permalink**) 2006-11-21

Hi,
i also want to use fw mergfiles but i´m not able to.

If i enter following, i got no error message, but no output file, too:

D:\>fw mergefiles D:\2006-11-13.log D:\2006-11-17.log D:\2006-11-18.log D:\2006-11-19.log D:\2006_week_46.log

This files are exported from SmartView Tracker.

I use R55. Is this only possible with R60+ ?

Or is there any error in my command?

Any help i would appreciate.

(heers

don_veto

kva.kva · #5 (**permalink**) 2006-11-21

PROCEDURE:
1) Ensure all log files to be consolidated are located/moved into the $FWDIR/log directory.

2) Within the $FWDIR/log directory type at prompt: fw mergefiles filename_1.log filename_2.log output_filename.log

NOTES:
It is recommended not to merge active log files.
It is recommended to perform a logswitch of the active log before merging.

don_veto · #6 (**permalink**) 2006-11-21

$FWDIR\log>fw mergefiles 2006-11-13.log 2006-11-17.log 2006-11-18.log 2006-11-19.log 2006_week_46.log

Same result. No errors, no output file.

kva.kva · #7 (**permalink**) 2006-11-21

Did you have only *.log files for one date in log-directory?

For example for 2006-11-13 - only 2006-11-13.log file without 2006-11-13.logaccount_ptr, 2006-11-13.loginitial_ptr, 2006-11-13.logptr. I think for merging you need all these files.

don_veto · #8 (**permalink**) 2006-11-21

no, i filtered the complete logfile to have only the entrys for a specific user. This filtered file i exported to 2006-11-13.log. I only have this one file.

I had an NGX II course last week and there i tried it on R60 and it worked in this way. I´m not sure, if i used exactly the same command.

I have no R60 here, maybe one of you can try it with exported files and tell me if it works?

kva.kva · #9 (**permalink**) 2006-11-21

I tried on my vmware. Really you need not only *.log files. Without *.logaccount_ptr, *.loginitial_ptr, *.logptr "fw mergefiles" doesn't work. Also I tried Save Is from SmartView Tracker (with filter or without - it does not matter) - appear 5 new files in log dir *.log, *.logaccount_ptr, *.loginitial_ptr, *.logptr, *logLuuidDB.

don_veto · #10 (**permalink**) 2006-11-21

thank you very much for testing!

If you use the export command of SmartView Tracker, you have just one file. I want to import the log entrys in Excel for better presentation, so i chose the export option.

I think with Save As... it is not possible or at least not so comfortable.

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode