How to export Check Point log files into a readable format without using Smartview tracker?



Hi there - here are the high level steps from one of our community members. You can view the detailed steps and screen shots here: https://indeni.com/how-to-automate-the-export-multiple-check-point-log-files-into-a-readable-format/



Provided below are two options for speeding up the conversion from binary to ASCII format. The first method is a more manual process which requires manually entering the file names, and is ideal for small conversion jobs. The second method is fully automated and is ideal for environments with a large number of log files. Keep in mind that the more familiar you are with the GAIA platform, or Linux in general, the more you’ll be able to tweak the instructions below and create your own scripts or cron jobs to automate this process.


Method 1

1. Log in to your Check Point appliance in expert mode via SSH.
2. Go to the log file directory; by default, the logs are located in $FWDIR/log.
3. Issue the command below:

# time fwm logexport -n -p -i filename.log -o exportfilename.csv && time fwm logexport -n -p -i filename2.log -o exportfilename2.csv && time fwm logexport -n -p -i filename3.log -o exportfilename3.csv

Simply continue to add && statements until you are done. Please keep in mind that although the export command isn’t intensive, it will add some load to your device, so if you’re in a standalone environment (management and gateway on the same device) you may not want to convert all your logs at once.


-n disables DNS resolution and
-p disables port resolution


Unless you absolutely need DNS and port resolution, disabling them will tremendously speed up the conversion. -i is the flag for the input file name and -o is the flag for the output file name.
(The time command simply tells you how long the conversion took.)


4. There should now be several new files, “exportfilename.csv”, “exportfilename2.csv” and “exportfilename3.csv”, created in your current directory.


5. At this point you have the option to review the logs on the device itself or copy the logs to another machine and review them there.


Method 2 (Fully Automated)


1. Log in to your Check Point appliance in expert mode via SSH.
2. Go to the log file directory; by default, the logs are located in $FWDIR/log.
3. Create the conversion script:

vi conversionscript (vi being the editor you’re going to use)

(Enter insert mode by pressing “i”, then type the script below)

#!/bin/bash
# Convert every binary .log file in $FWDIR/log to a .csv next to it
FILES="$FWDIR/log/*.log"
for f in $FILES
do
  echo "Converting Files"
  time fwm logexport -n -p -i "$f" -o "$f.csv"
done

(Save by pressing Esc and then typing :wq)

Script explained in detail:

  • #!/bin/bash – just states you’re going to use the bash shell
  • FILES="$FWDIR/log/*.log" – This declares the variable FILES, and states that any files in the $FWDIR/log directory that end with .log should be added to its value. Note: If for some reason your files are stored in a different directory you will have to change what $FILES is equal to.
  • for f in $FILES – this creates the loop, which will go through each file stored in $FILES
  • echo "Converting Files" – displays Converting Files while the script is running
  • time fwm logexport -n -p -i "$f" -o "$f.csv"

the meat and potatoes of this small script:
time (time displays how long it took to convert that particular file)
-n (-n turns off DNS lookup and just leaves the IP address of each log entry, speeding up the conversion)
-p (-p disables port translation, leaving out the corresponding ports of each entry, once again speeding up the conversion)
-i (-i is the flag for the input file; in this case the input will be the variable $f, which is going through the loop)
-o (-o is the flag for the output; in this case the output will be the name of the file ending in .csv)

done – simply ends the script


4. Run the script from the directory in which you created it by simply typing ./conversionscript

Note: Because you are automating the conversion, make sure you have enough space available to store the converted logs; you may need to mount a network drive.

And that’s it. Depending on how many log entries you have, this script could take anywhere from 5 minutes to 5 days, so be patient.


I hope this brief tutorial was helpful, and I urge you to continue to explore ways of automating this process. The more familiar you become with the process, the more options will become available to you.


View original post here: https://indeni.com/how-to-automate-the-export-multiple-check-point-log-files-into-a-readable-format/
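A more defensive version of the Method 2 loop, added here as an example and not taken from the original post or from Check Point: it issues the same fwm logexport -n -p -i IN -o OUT call the post uses, but skips logs whose .csv is already current (so a rerun after an interruption only does the remaining work) and refuses to start when free space on the log filesystem is below a threshold, which addresses the disk-space note above. The FWM, LOGDIR and MIN_FREE_KB variables are assumptions introduced for this example; the -nt file test is a bash/dash extension rather than strict POSIX.

```shell
#!/bin/sh
# Added example, not from the original post: batch-convert Check Point binary
# logs with the same "fwm logexport -n -p -i IN -o OUT" call the post uses,
# but skip logs whose .csv is already current and refuse to start when free
# space on the log filesystem is low. FWM, LOGDIR and MIN_FREE_KB are
# variables assumed for this example; "-nt" is a bash/dash extension.
FWM="${FWM:-fwm}"
MIN_FREE_KB="${MIN_FREE_KB:-1048576}"   # refuse to run below ~1 GiB free

# Return 0 (true) if "$1" has no .csv yet or the .csv is older than the log.
needs_conversion() {
    log="$1"
    csv="$1.csv"
    [ -f "$csv" ] || return 0
    [ "$log" -nt "$csv" ]
}

# Free space in KiB on the filesystem holding "$1" (POSIX "df -Pk" output).
free_kb() {
    df -Pk "$1" | awk 'NR == 2 { print $4 }'
}

# Convert every *.log under "$1" that needs it; the last line printed is the
# number of files converted. Returns 1 on low disk space or export failure.
convert_logs() {
    dir="${1:-$FWDIR/log}"
    if [ "$(free_kb "$dir")" -lt "$MIN_FREE_KB" ]; then
        echo "Not enough free space under $dir, aborting" >&2
        return 1
    fi
    converted=0
    for f in "$dir"/*.log; do
        [ -f "$f" ] || continue            # no *.log files: glob left literal
        needs_conversion "$f" || continue  # .csv already up to date
        echo "Converting $f"
        "$FWM" logexport -n -p -i "$f" -o "$f.csv" || return 1
        converted=$((converted + 1))
    done
    echo "$converted"
}

# Usage: LOGDIR="$FWDIR/log" ./convert.sh
if [ -n "${LOGDIR:-}" ]; then
    convert_logs "$LOGDIR"
fi
```

Run it under time as the post does if you want the overall duration; the per-file skip means a second run over the same directory costs almost nothing.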