CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


** Announcing the #CPUGchallenge **

I'm very happy to announce that CPUG will be hosting "The CPUG Challenge" during CPX this year.
It promises to be a fun and interesting event that will test (and maybe even expand) your knowledge of Check Point.
Whether or not you plan to attend CPX, we have something for you. Please check out this post or the CPUGchallenge.com web site for more information. -E

 

Results 1 to 3 of 3

Thread: Delete specific logfile entries

  1. #1
    Join Date
    2010-11-11
    Posts
    45
    Rep Power
    0

    Default Delete specific logfile entries

    Hello,
    I have a deployment with some gateways that log to their management where logs get stored for x months. A new gateway on a remote site brings a regulatory requirement to keep logfiles back for 7 days at most, after that time logs have to be purged.
    Is there any other way to comply with this requirement other than using a separate/dedicated log server for this gateway, like a secret fw log command that can delete entries from a specific object in the log?

    I'm pretty sure there is no way to do this but if there is a way to not have a separate log server it would help tremendously.

  2. #2
    Join Date
    2006-12-04
    Posts
    1,315
    Rep Power
    12

    Default Re: Delete specific logfile entries

    You can store firewall logs localy, but you will not be able to use SmartTracker or SmartLog (without additional steps..)

  3. #3
    Join Date
    2006-03-08
    Location
    Lausanne
    Posts
    840
    Rep Power
    12

    Default Re: Delete specific logfile entries

    Quote Originally Posted by Christoph View Post
    Hello,
    I have a deployment with some gateways that log to their management where logs get stored for x months. A new gateway on a remote site brings a regulatory requirement to keep logfiles back for 7 days at most, after that time logs have to be purged.
    Is there any other way to comply with this requirement other than using a separate/dedicated log server for this gateway, like a secret fw log command that can delete entries from a specific object in the log?

    I'm pretty sure there is no way to do this but if there is a way to not have a separate log server it would help tremendously.
    The described task is impossible to achieve as stated. You cannot delete specific entries from a log file. You may, however, switch log files every day and remove files older than a week. There are even script examples available on CPUG for this
    -------------

    Valeri Loukine
    CCMA, CCSM, CCSI
    http://checkpoint-master-architect.blogspot.com/

Similar Threads

  1. Route specific network out of specific ISP
    By timtekk in forum Dynamic Routing
    Replies: 1
    Last Post: 2013-01-17, 04:04
  2. Delete specific IKE SA
    By Strela in forum IPsec VPN Blade (Virtual Private Networks)
    Replies: 1
    Last Post: 2012-01-09, 11:44
  3. How many log entries
    By foo727 in forum Check Point UTM-1 Edge Appliances
    Replies: 0
    Last Post: 2009-06-22, 05:56
  4. Specific Rules on Specific Interfaces
    By roadrunner in forum SmartDashboard
    Replies: 0
    Last Post: 2005-08-13, 15:28
  5. Replies: 0
    Last Post: 2005-08-13, 13:49

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •