log_export

Description

log_export is a utility that allows you to transfer Log data to an external database. This utility behaves as a LEA client. LEA (Log Export API) enables Security Gateway Log data to be exported to third-party applications. log_export receives the Logs from the Security Management server via LEA, so it can be run from any host that has a SIC connection with the Security Management server and is defined as an OPSEC host. To run log_export, you need a basic understanding and a working knowledge of:

Syntax

# log_export [-f <conf_file>] [-l <lea_server_ip_address>] [-g <log_file_name1>,<log_file_name2>,...] [-t <database_table_name>] [-p <database_password>] [-h] [-d]

| Parameter | Description |
| --- | --- |
| -f <conf_file> | The Configuration File from which log_export reads the Log file parameters. If conf_file is not specified, log_export uses the default Configuration File, log_export.conf, located in the current working directory. |
| -l <lea_server_ip_address> | The IP address of the LEA server. |
| -g <log_file_name1>,<log_file_name2>,... | A comma-separated list of the log file names from which the logs will be taken. |
| -t <database_table_name> | The name of the table in the database to which the logs will be added. |
| -p <database_password> | The database login password. If you do not want to specify the password in the Configuration File for security reasons, you can enter the password on the command line, where it will not be saved anywhere. |
| -h | Display log_export help. |
| -d | Display debugging information. |

Further Info

For more information about LEA, see the Check Point LEA (Log Export API) Specification.

Comments

Only the Oracle database is currently supported.

Before you can run log_export, the Oracle client must be installed and configured. Make sure that:

The log_export Configuration File

log_export has a Configuration File. The Configuration File is a Check Point Set file and should be configured according to Set file conventions. The Configuration File contains the default parameters for log_export. log_export reads all parameters from the Configuration File that is specified in the command line.

Modifying the Configuration File

log_export parameters are defined in the Configuration File. To change the parameters, you can either modify the Configuration File or use the command line. Any parameter entered using the command line will override the parameters in the Configuration File.

Modify the Configuration File according to the following parameters:

Configuration File Example

    :db_table_name (fw_log)
    :db_connection_string (database_service_name)
    :db_user_name (scott)
    :db_password (tiger)
    :log_server_ip_address (127.0.0.1)
    :log_server_port (18184)
    :create_db_table (1)
    :log_file_name (fw.log)
    :log_fields (
        : (time
            :db_field_name (log_time)
            :db_field_type (DATE)
        )
        : (product
            :db_field_name (product)
            :db_field_type (STRING)
            :db_field_size (25)
        )
        : (i/f_name
            :db_field_name (interface)
            :db_field_type (STRING)
            :db_field_size (100)
        )
        : (orig
            :db_field_name (origin)
            :db_field_type (STRING)
            :db_field_size (16)
        )
        : (action
            :db_field_name (action)
            :db_field_type (STRING)
            :db_field_size (16)
        )
        : (service
            :db_field_name (service)
            :db_field_type (STRING)
            :db_field_size (40)
        )
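
The following is an added example, not part of the Check Point documentation: a Python check that parses a Configuration File written in the syntax shown above and reports credential-handling problems before the file is deployed. The grammar is inferred from the example on this page rather than from a Set file specification, and the names parse_set, audit and SAMPLE are hypothetical.

```python
import re

# Grammar inferred from this page's example (an assumption, not Check Point's
# Set file specification): ':name (value)' or ':name ( nested entries )'.
TOKEN = re.compile(r":[^\s()]*|[()]|[^\s():]+")

def parse_set(text):
    """Return [(name, value, children), ...]; raise ValueError if malformed."""
    tokens, pos = TOKEN.findall(text), 0

    def entries():
        nonlocal pos
        out = []
        while pos < len(tokens) and tokens[pos].startswith(":"):
            name = tokens[pos][1:]
            if tokens[pos + 1:pos + 2] != ["("]:
                raise ValueError(f"expected '(' after ':{name}'")
            pos += 2
            words = []
            while pos < len(tokens) and tokens[pos][0] not in ":()":
                words.append(tokens[pos])
                pos += 1
            children = entries()
            if tokens[pos:pos + 1] != [")"]:
                raise ValueError(f"missing ')' for ':{name}'")
            pos += 1
            out.append((name, " ".join(words), children))
        return out

    parsed = entries()
    if pos != len(tokens):
        raise ValueError(f"unexpected token {tokens[pos]!r}")
    return parsed

def audit(text, mode=None):
    """Flag credential-handling problems in a log_export Configuration File."""
    top = {name: value for name, value, _ in parse_set(text)}
    findings = []
    if top.get("db_password"):
        findings.append("plaintext db_password in Configuration File")
    if (top.get("db_user_name"), top.get("db_password")) == ("scott", "tiger"):
        findings.append("sample credentials scott/tiger left in place")
    if mode is not None and mode & 0o077:
        findings.append(f"file mode {mode:o} lets group/other users access it")
    return findings

# Constructed sample, shortened from the example on this page.
SAMPLE = """:db_user_name (scott)
:db_password (tiger)
:log_fields ( : (time :db_field_name (log_time) :db_field_type (DATE) ) )"""
```

Pass the file's permission bits as mode, for example stat.S_IMODE(os.stat(path).st_mode). A password given with -p stays out of the file, but command-line arguments are typically visible to other local users in the process list and may be recorded in shell history.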