Firewall – How to control/check CheckPoint rule changes (and other system events)

Tags: checkpoint, firewall, logging, syslog, windows-event-log

I need to check/control all system events on many CheckPoint FW1 – don't misunderstand – not rules triggering, but events such as admin logons, rule changes, etc.

I found out that I can make a log export using 2 methods:

  1. Grab logs
  2. Use a special script that redirects Checkpoint log entries to syslog, FW1-Loggrabber

But it's not clear to me whether such logs also contain the information that I need (admin logons, rule changes). And if yes, is it possible to filter events?

I also suppose that if the system is based on a *nix platform, there must be a ploy – use the base functions of the system to do what I want. Unfortunately I don't know where to "dig". Maybe you know?

Updated: New info "FW-1 can pipe its logs to syslog via Unix's logger command, and there are third party log-reading utilities"

So, the main question is how to do my task in the best way? Has anybody already resolved such a problem?

P.S. I'm new to CheckPoint, so all information will be useful for me. Thank you.
