Displaying logs

Log contents

$ fw log
Date: Oct 12, 2011
13:00:37        NOM_FW >daemon alert log_sys_message: Warning: You are required to deploy a Software Blade license instead of your NGX license. For more details go to http://www.checkpoint.com/products/promo/software-blades/upgrade/index.html or contact Account Services.; product: VPN-1 & FireWall-1;

13:00:37 ctl    NOM_FW >daemon sys_message: installed defaultfilter; product: VPN-1 & FireWall-1;

10:19:17 accept NOM_FW >eth1c0 rule: 1; rule_uid: {342E2660-C420-4585-8FF5-6C89B151485F}; service_id: snmp; src: Mon_Host_1; dst: 20.20.20.20; proto: udp; product: VPN-1 & FireWall-1; service: snmp; s_port: 36839;

10:19:17 accept NOM_FW >eth1c0 rule: 1; rule_uid: {342E2660-C420-4585-8FF5-6C89B151485F}; service_id: snmp; src: Mon_Host_1; dst: 20.20.20.20; proto: udp; product: VPN-1 & FireWall-1; service: snmp; s_port: 42988;

10:19:17 accept NOM_FW >eth1c0 rule: 1; rule_uid: {342E2660-C420-4585-8FF5-6C89B151485F}; service_id: snmp; src: Mon_Host_1; dst: 20.20.20.20; proto: udp; product: VPN-1 & FireWall-1; service: snmp; s_port: 49931;

Filtering on drops

$ fw log -c drop
Date: Oct 12, 2011
13:00:42 drop   NOM_FW <eth1c0 src: NOM_FW; dst: multicast; proto: igmp; message_info: Packet with IP options. IP options are not allowed.; product: VPN-1 & FireWall-1;

13:03:20 drop   NOM_FW >eth1c0 rule: 2; rule_uid: {FF14CFCF-4D3D-4821-8DA1-C47D16E33CAE}; src: 30.30.30.30; dst: 50.50.50.50; proto: udp; product: VPN-1 & FireWall-1; service: nbname; s_port: nbname;

13:03:20 drop   NOM_FW >eth1c0 rule: 2; rule_uid: {FF14CFCF-4D3D-4821-8DA1-C47D16E33CAE}; src: Mon_Host_2; dst: 60.60.60.255; proto: udp; product: VPN-1 & FireWall-1; service: nbname; s_port: nbname;

10:19:00 drop   NOM_FW >eth1c0 rule: 2; rule_uid: {FF14CFCF-4D3D-4821-8DA1-C47D16E33CAE}; src: Mon_Host_3; dst: Mon_Host_22; proto: udp; product: VPN-1 & FireWall-1; service: snmp-trap; s_port: 32768;

Available actions:

  • accept
  • drop
  • reject
  • authorize
  • deauthorize
  • encrypt
  • decrypt

The -f option follows the log as it grows, the equivalent of tail -f.

Check Point info: sk25532
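
Added example, not part of the original page or of Check Point's tooling: a Python parser for the text layout of the fw log output shown above, which tallies drops per rule, source, destination and service. The function names and the sample lines are assumptions constructed from the records on this page; a value that itself contains "; " is rejoined on a best-effort basis.

```python
import re
from collections import Counter

# Record header: time, optional action, origin gateway, direction + interface.
HEADER = re.compile(
    r"^(?P<time>\d{1,2}:\d{2}:\d{2})\s+(?:(?P<action>\w+)\s+)?"
    r"(?P<origin>\S+)\s+(?P<dir>[<>])(?P<iface>\S+)\s+(?P<fields>.*)$"
)

def parse_fw_log(text):
    """Parse `fw log` text output into one dict per record."""
    records, date = [], None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("Date:"):
            date = line[5:].strip()   # applies to the records that follow
            continue
        m = HEADER.match(line)
        if not m:
            continue                  # blank line or unrecognised layout
        rec = {k: m.group(k) for k in ("time", "action", "origin", "dir", "iface")}
        rec["date"] = date
        last_key = None
        for chunk in m.group("fields").rstrip("; ").split("; "):
            key, sep, value = chunk.partition(": ")  # values may contain ": "
            if sep:
                rec[key], last_key = value, key
            elif last_key:            # "; " inside a value: rejoin it
                rec[last_key] += "; " + chunk
        records.append(rec)
    return records

def summarize_drops(records):
    """Count drops per (rule, src, dst, service); rule is None when the
    record has no rule field (e.g. the IP-options drop, which has message_info)."""
    return Counter(
        (r.get("rule"), r.get("src"), r.get("dst"), r.get("service"))
        for r in records if r["action"] == "drop"
    )

# Constructed sample, modelled on the output shown on this page.
SAMPLE = """\
Date: Oct 12, 2011
13:00:37        NOM_FW >daemon alert log_sys_message: Warning: license; product: VPN-1 & FireWall-1;
13:00:42 drop   NOM_FW <eth1c0 src: NOM_FW; dst: multicast; proto: igmp; message_info: Packet with IP options. IP options are not allowed.; product: VPN-1 & FireWall-1;
13:03:20 drop   NOM_FW >eth1c0 rule: 2; rule_uid: {FF14CFCF-4D3D-4821-8DA1-C47D16E33CAE}; src: 30.30.30.30; dst: 50.50.50.50; proto: udp; product: VPN-1 & FireWall-1; service: nbname; s_port: nbname;
13:03:21 drop   NOM_FW >eth1c0 rule: 2; rule_uid: {FF14CFCF-4D3D-4821-8DA1-C47D16E33CAE}; src: 30.30.30.30; dst: 50.50.50.50; proto: udp; product: VPN-1 & FireWall-1; service: nbname; s_port: nbname;
10:19:17 accept NOM_FW >eth1c0 rule: 1; rule_uid: {342E2660-C420-4585-8FF5-6C89B151485F}; service_id: snmp; src: Mon_Host_1; dst: 20.20.20.20; proto: udp; product: VPN-1 & FireWall-1; service: snmp; s_port: 36839;
"""

if __name__ == "__main__":
    for key, n in summarize_drops(parse_fw_log(SAMPLE)).most_common():
        print(n, key)
```

On a gateway, the text passed to parse_fw_log would be the output of fw log -c drop instead of SAMPLE.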

List of available log files

$ fw lslogs
Size      Log file name
1447036KB   fw.log