CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


Tim Hall has done it again! He has just released the 2nd edition of "Max Power".
Rather than get into details here, I urge you to check out this announcement post.
It's a massive upgrade, and well worth checking out. -E

 

Results 1 to 3 of 3

Thread: Delete specific logfile entries

  1. #1
    Join Date
    2010-11-11
    Posts
    54
    Rep Power
    8

    Default Delete specific logfile entries

    Hello,
    I have a deployment with some gateways that log to their management where logs get stored for x months. A new gateway on a remote site brings a regulatory requirement to keep logfiles back for 7 days at most, after that time logs have to be purged.
    Is there any other way to comply with this requirement other than using a separate/dedicated log server for this gateway, like a secret fw log command that can delete entries from a specific object in the log?

    I'm pretty sure there is no way to do this but if there is a way to not have a separate log server it would help tremendously.

  2. #2
    Join Date
    2006-12-04
    Posts
    1,316
    Rep Power
    13

    Default Re: Delete specific logfile entries

    You can store firewall logs localy, but you will not be able to use SmartTracker or SmartLog (without additional steps..)

  3. #3
    Join Date
    2006-03-08
    Location
    Lausanne
    Posts
    1,025
    Rep Power
    13

    Default Re: Delete specific logfile entries

    Quote Originally Posted by Christoph View Post
    Hello,
    I have a deployment with some gateways that log to their management where logs get stored for x months. A new gateway on a remote site brings a regulatory requirement to keep logfiles back for 7 days at most, after that time logs have to be purged.
    Is there any other way to comply with this requirement other than using a separate/dedicated log server for this gateway, like a secret fw log command that can delete entries from a specific object in the log?

    I'm pretty sure there is no way to do this but if there is a way to not have a separate log server it would help tremendously.
    The described task is impossible to achieve as stated. You cannot delete specific entries from a log file. You may, however, switch log files every day and remove files older than a week. There are even script examples available on CPUG for this
    -------------

    Valeri Loukine
    CCMA, CCSM, CCSI
    http://checkpoint-master-architect.blogspot.com/

Similar Threads

  1. Route specific network out of specific ISP
    By timtekk in forum Dynamic Routing
    Replies: 1
    Last Post: 2013-01-17, 04:04
  2. Delete specific IKE SA
    By Strela in forum IPsec VPN Blade (Virtual Private Networks)
    Replies: 1
    Last Post: 2012-01-09, 11:44
  3. How many log entries
    By foo727 in forum Check Point UTM-1 Edge Appliances
    Replies: 0
    Last Post: 2009-06-22, 05:56
  4. Specific Rules on Specific Interfaces
    By roadrunner in forum SmartDashboard
    Replies: 0
    Last Post: 2005-08-13, 15:28
  5. Replies: 0
    Last Post: 2005-08-13, 13:49

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •