Thursday, September 28, 2006

Checkpoint FW-1 log exporting

The thing I didn't mention that you quickly find out when importing Checkpoint logs into a database is that Checkpoint have a non-fixed format for exporting logs - only those fields that have values appear in the export, and as for the order of those fields - I'm pretty certain it depends on the phase of the moon ;-) I'll post the little script that gets around that with some Perl later - it's quite simple, but not everyone who might need to load FW-1 logs into a database wants to learn Perl (or any scripting/text-processing language) in order to do so.
Posted by at

2 comments:

Barry Anderson said...

I never actually published this comment and forgot all about it...the script is actually available in my GSEC Gold paper in the SANS reading room at http://www.sans.org/reading_room/whitepapers/firewalls/check_point_firewalls_rulebase_cleanup_and_performance_tuning_32884

6:22 AM
Barry Anderson said...

New path:
http://www.sans.org/reading-room/whitepapers/firewalls/check-point-firewalls-rulebase-cleanup-performance-tuning-32884

7:52 PM

Post a Comment

Subscribe to: Post Comments (Atom)