CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


I'd like to thank everyone involved for making "The CPUG Challenge" a great success.
We helped a lot of people see and learn a bit more about R80.10, while having some fun.
We will be using this success to try and bring more events to more locations soon. -E

 

Results 1 to 3 of 3

Thread: Delete specific logfile entries

  1. #1
    Join Date
    2010-11-11
    Posts
    46
    Rep Power
    0

    Default Delete specific logfile entries

    Hello,
    I have a deployment with some gateways that log to their management where logs get stored for x months. A new gateway on a remote site brings a regulatory requirement to keep logfiles back for 7 days at most, after that time logs have to be purged.
    Is there any other way to comply with this requirement other than using a separate/dedicated log server for this gateway, like a secret fw log command that can delete entries from a specific object in the log?

    I'm pretty sure there is no way to do this but if there is a way to not have a separate log server it would help tremendously.

  2. #2
    Join Date
    2006-12-04
    Posts
    1,315
    Rep Power
    12

    Default Re: Delete specific logfile entries

    You can store firewall logs localy, but you will not be able to use SmartTracker or SmartLog (without additional steps..)

  3. #3
    Join Date
    2006-03-08
    Location
    Lausanne
    Posts
    907
    Rep Power
    12

    Default Re: Delete specific logfile entries

    Quote Originally Posted by Christoph View Post
    Hello,
    I have a deployment with some gateways that log to their management where logs get stored for x months. A new gateway on a remote site brings a regulatory requirement to keep logfiles back for 7 days at most, after that time logs have to be purged.
    Is there any other way to comply with this requirement other than using a separate/dedicated log server for this gateway, like a secret fw log command that can delete entries from a specific object in the log?

    I'm pretty sure there is no way to do this but if there is a way to not have a separate log server it would help tremendously.
    The described task is impossible to achieve as stated. You cannot delete specific entries from a log file. You may, however, switch log files every day and remove files older than a week. There are even script examples available on CPUG for this
    -------------

    Valeri Loukine
    CCMA, CCSM, CCSI
    http://checkpoint-master-architect.blogspot.com/

Similar Threads

  1. Route specific network out of specific ISP
    By timtekk in forum Dynamic Routing
    Replies: 1
    Last Post: 2013-01-17, 04:04
  2. Delete specific IKE SA
    By Strela in forum IPsec VPN Blade (Virtual Private Networks)
    Replies: 1
    Last Post: 2012-01-09, 11:44
  3. How many log entries
    By foo727 in forum Check Point UTM-1 Edge Appliances
    Replies: 0
    Last Post: 2009-06-22, 05:56
  4. Specific Rules on Specific Interfaces
    By roadrunner in forum SmartDashboard
    Replies: 0
    Last Post: 2005-08-13, 15:28
  5. Replies: 0
    Last Post: 2005-08-13, 13:49

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •