Can't view logs older than 2 days in SmartView Tracker

[Degsy]

Hi there

First post so be gentle!

I have around 28GB of firewall logs on the management server yet in SmartView Tracker, the log only displays back to the previous day.

Is it possible to view all logs (or run a query) in the one window?
Reason I ask is i need to check when a certain Client VPN user connected but I don't know when it was last connected.

I don't have Eventia Reporter licenced so not sure if this would solve my problem.

Doing my NGX I & II courses next week so should be more up to speed then.

Any help appreciated.

Running CP NGX R60

Cheers
Degsy

[northlandboy]

You've probably got your logs being rotated regularly - a good strategy. If they were one 28GB file, it would be extremely slow to search through it.

You can open previous log files (file -> open), but that will replace your current view. The current filter will be applied.

Searching for when remote users last logged in can be a real pain. If you're doing third party authentication, it's easier, but Check Point isn't really set up for it.

You could, I suppose, export all the logs to text files, and search them, but it would take a long time and a lot of diskspace.

[Degsy]

Yes the logs are rotated at midnight each day.
Well i guess my only option is to use the "search in file" function in Windows Explorer across all files and then open only those files with positive results.
Thanks for the prompt reply northlandboy!

[RayPesek]

For whatever it's worth, we had to be able to look at remote user logins easily due to Sarbanes-Oxley audit requirements. We bought a SmartView Reporter R56 license and it's made things like this wonderfully easy.

It automatically aggregates all logs into a single MySQL database. I cna hold a year's worth of logs in about 22 GB. Oddly, that's a lot less than the individual log file sizes.

Ray