CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


CPUG Challenge 2018?? We will be holding another CPUG Challenge for 2018.
The plan is to time it around CPX again (earlier this year), but not necessarily limit it to those in attendance.
I'll provide more details as we get a bit closer, but be ready! -E

 

Results 1 to 3 of 3

Thread: Delete specific logfile entries

  1. #1
    Join Date
    2010-11-11
    Posts
    54
    Rep Power
    8

    Default Delete specific logfile entries

    Hello,
    I have a deployment with some gateways that log to their management where logs get stored for x months. A new gateway on a remote site brings a regulatory requirement to keep logfiles back for 7 days at most, after that time logs have to be purged.
    Is there any other way to comply with this requirement other than using a separate/dedicated log server for this gateway, like a secret fw log command that can delete entries from a specific object in the log?

    I'm pretty sure there is no way to do this but if there is a way to not have a separate log server it would help tremendously.

  2. #2
    Join Date
    2006-12-04
    Posts
    1,316
    Rep Power
    13

    Default Re: Delete specific logfile entries

    You can store firewall logs localy, but you will not be able to use SmartTracker or SmartLog (without additional steps..)

  3. #3
    Join Date
    2006-03-08
    Location
    Lausanne
    Posts
    1,016
    Rep Power
    13

    Default Re: Delete specific logfile entries

    Quote Originally Posted by Christoph View Post
    Hello,
    I have a deployment with some gateways that log to their management where logs get stored for x months. A new gateway on a remote site brings a regulatory requirement to keep logfiles back for 7 days at most, after that time logs have to be purged.
    Is there any other way to comply with this requirement other than using a separate/dedicated log server for this gateway, like a secret fw log command that can delete entries from a specific object in the log?

    I'm pretty sure there is no way to do this but if there is a way to not have a separate log server it would help tremendously.
    The described task is impossible to achieve as stated. You cannot delete specific entries from a log file. You may, however, switch log files every day and remove files older than a week. There are even script examples available on CPUG for this
    -------------

    Valeri Loukine
    CCMA, CCSM, CCSI
    http://checkpoint-master-architect.blogspot.com/

Similar Threads

  1. Route specific network out of specific ISP
    By timtekk in forum Dynamic Routing
    Replies: 1
    Last Post: 2013-01-17, 04:04
  2. Delete specific IKE SA
    By Strela in forum IPsec VPN Blade (Virtual Private Networks)
    Replies: 1
    Last Post: 2012-01-09, 11:44
  3. How many log entries
    By foo727 in forum Check Point UTM-1 Edge Appliances
    Replies: 0
    Last Post: 2009-06-22, 05:56
  4. Specific Rules on Specific Interfaces
    By roadrunner in forum SmartDashboard
    Replies: 0
    Last Post: 2005-08-13, 15:28
  5. Replies: 0
    Last Post: 2005-08-13, 13:49

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •