Displaying logs

Log contents

$ fw log
Date: Oct 12, 2011
13:00:37        NOM_FW >daemon alert log_sys_message: Warning: You are required to deploy a Software Blade license instead of your NGX license. For more details go to http://www.checkpoint.com/products/promo/software-blades/upgrade/index.html or contact Account Services.; product: VPN-1 & FireWall-1;

13:00:37 ctl    NOM_FW >daemon sys_message: installed defaultfilter; product: VPN-1 & FireWall-1;

10:19:17 accept NOM_FW >eth1c0 rule: 1; rule_uid: {342E2660-C420-4585-8FF5-6C89B151485F}; service_id: snmp; src: Mon_Host_1; dst: 20.20.20.20; proto: udp; product: VPN-1 & FireWall-1; service: snmp; s_port: 36839;

10:19:17 accept NOM_FW >eth1c0 rule: 1; rule_uid: {342E2660-C420-4585-8FF5-6C89B151485F}; service_id: snmp; src: Mon_Host_1; dst: 20.20.20.20; proto: udp; product: VPN-1 & FireWall-1; service: snmp; s_port: 42988;

10:19:17 accept NOM_FW >eth1c0 rule: 1; rule_uid: {342E2660-C420-4585-8FF5-6C89B151485F}; service_id: snmp; src: Mon_Host_1; dst: 20.20.20.20; proto: udp; product: VPN-1 & FireWall-1; service: snmp; s_port: 49931;

Filtering on drops

$ fw log -c drop
Date: Oct 12, 2011
13:00:42 drop   NOM_FW <eth1c0 src: NOM_FW; dst: multicast; proto: igmp; message_info: Packet with IP options. IP options are not allowed.; product: VPN-1 & FireWall-1;

13:03:20 drop   NOM_FW >eth1c0 rule: 2; rule_uid: {FF14CFCF-4D3D-4821-8DA1-C47D16E33CAE}; src: 30.30.30.30; dst: 50.50.50.50; proto: udp; product: VPN-1 & FireWall-1; service: nbname; s_port: nbname;

13:03:20 drop   NOM_FW >eth1c0 rule: 2; rule_uid: {FF14CFCF-4D3D-4821-8DA1-C47D16E33CAE}; src: Mon_Host_2; dst: 60.60.60.255; proto: udp; product: VPN-1 & FireWall-1; service: nbname; s_port: nbname;

10:19:00 drop   NOM_FW >eth1c0 rule: 2; rule_uid: {FF14CFCF-4D3D-4821-8DA1-C47D16E33CAE}; src: Mon_Host_3; dst: Mon_Host_22; proto: udp; product: VPN-1 & FireWall-1; service: snmp-trap; s_port: 32768;

Available actions for the -c filter:
- accept
- drop
- reject
- authorize
- deauthorize
- encrypt
- decrypt

The -f option follows the log as new entries are written, the equivalent of tail -f.
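
An added example (not part of the original page and not Check Point tooling): a small Python parser for the `fw log -c drop` line layout shown above, tallying drops per rule, source and service. The sample lines are constructed from the page's output, and the names `parse_line` and `summarize_drops` are hypothetical.

```python
import re
from collections import Counter

# Constructed sample modelled on the `fw log -c drop` output on this page.
SAMPLE = """\
Date: Oct 12, 2011
13:00:42 drop   NOM_FW <eth1c0 src: NOM_FW; dst: multicast; proto: igmp; message_info: Packet with IP options. IP options are not allowed.; product: VPN-1 & FireWall-1;
13:03:20 drop   NOM_FW >eth1c0 rule: 2; src: 30.30.30.30; dst: 50.50.50.50; proto: udp; product: VPN-1 & FireWall-1; service: nbname; s_port: nbname;
13:03:21 drop   NOM_FW >eth1c0 rule: 2; src: 30.30.30.30; dst: 50.50.50.50; proto: udp; product: VPN-1 & FireWall-1; service: nbname; s_port: nbname;
13:03:25 accept NOM_FW >eth1c0 rule: 1; src: Mon_Host_1; dst: 20.20.20.20; proto: udp; product: VPN-1 & FireWall-1; service: snmp; s_port: 36839;
13:04:00        NOM_FW >daemon alert log_sys_message: constructed message; product: VPN-1 & FireWall-1;
"""

# time, optional action, origin gateway, direction (< or >) + interface, fields
LINE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d)\s+(?:(?P<action>\w+)\s+)?"
    r"(?P<origin>\S+)\s+(?P<dir>[<>])(?P<iface>\S+)\s+(?P<rest>.*)$"
)

def parse_line(line):
    """Return a dict for one log entry, or None for headers and blank lines."""
    m = LINE.match(line.strip())
    if not m:
        return None
    rec = {k: m.group(k) for k in ("time", "action", "origin", "dir", "iface")}
    rec["fields"] = {}
    # Fields are "key: value" pairs separated by "; ". Split each on the first
    # ": " only; a value that itself contains "; " would be cut short.
    for field in m.group("rest").split("; "):
        key, sep, value = field.strip().rstrip(";").partition(": ")
        if sep:
            rec["fields"][key] = value
    return rec

def summarize_drops(text):
    """Count drop entries per (rule, src, service)."""
    counts = Counter()
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["action"] != "drop":
            continue
        f = rec["fields"]
        # Some drops, like the IP-options entry on this page, carry no rule field.
        key = (f.get("rule", "-"), f.get("src", "-"), f.get("service", f.get("proto", "-")))
        counts[key] += 1
    return counts

if __name__ == "__main__":
    for (rule, src, svc), n in summarize_drops(SAMPLE).most_common():
        print(f"{n:5d}  rule={rule:<3} src={src:<15} service={svc}")
```

To run it on a gateway's own output, pass the captured text of `fw log -c drop` to `summarize_drops` instead of `SAMPLE`.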

Check Point reference: sk25532

Listing the available log files

$ fw lslogs
Size      Log file name
1447036KB   fw.log