log_export

Description log_export is a utility that allows you to transfer Log data to an external database. This utility behaves as a LEA client. LEA (Log Export API) enables Security Gateway Log data to be exported to third-party applications. log_export receives the Logs from the Security Management server via LEA so it can be run from any host that has a SIC connection with the Security Management server and is defined as an OPSEC host. To run log_export, you need a basic understanding and a working knowledge of:

• Oracle database administration
• LEA

Syntax

# log_export [-f <conf_file>] [-l <lea_server_ip_address>] [-g <log_file_name1>,<log_file_name2>,...] [-t <database_table_name>] [-p <database_password>] [-h] [-d]

Parameter	Description
-f <conf_file>	The Configuration File from which log_export reads the Log file parameters. If conf_file is not specified, the default Configuration File log_export.conf, located in the current working directory.
-l <lea_server_ip_address>	The IP address of the LEA server.
-g <log_file_name1>,<log_file_name2>,...	A comma separated list of log file names from where the logs will be taken.
-t <database_table_name>	The name of the table in the database to which the logs will be added.
-p <database_password>	The database login password. If you do not want to specify the password in the Configuration File for security reasons, you can enter the password using the command line where it will not be saved anywhere.
-h	Display log_export help.
-d	Display debugging information.

Further Info For more information about LEA, see Check Point LEA (Log Export API) Specification

Comments Only Oracle database is currently supported.

Before you can run log_export, the Oracle client must be installed and configured. Make sure that:

• the ORACLE_HOME environment variable is set correctly.
• $ORACLE_HOME/lib is located in the PATH environment variable on the Windows platform or LD_LIBRARY_PATH on Solaris and Linux platforms.
• If log_export is running from another machine, you must install and configure at least SmartReporter.

The log_export Configuration File

log_export has a Configuration File. The Configuration File is a Check Point Set file and should be configured according to Set file conventions. The Configuration File contains the default parameters for log_export. log_export reads all parameters from the Configuration File that is specified in the command line.

Modifying the Configuration File

log_export parameters are defined in the Configuration File. To change the parameters, you can either modify the Configuration File or use the command line. Any parameter entered using the command line will override the parameters in the Configuration File.

Modify the Configuration File according to the following parameters:

• db_connection_string - The string that defines the Oracle database server. For example, the name of the server.
• db_table_name - The name of the table in the database to which the logs will be added.
• create_db_table - Following are the available options:
  • 1 - create a new table in the database
  • 0 - use the existing table.
  • If there is an existing table, the logs will be added to that table. This requires that the existing table have the same format as the logs you are adding. If you enter 0 and there is no existing table, you will get an error message. The default is 1.
• db_user_name - The database login user name.
• db_password - The database login password.
• log_server_ip_address - The IP address of the LEA server.
• log_server_port - Port number of the LEA server. The default LEA port is 18184.
• log_file_name - A list of log file names from where the logs will be taken.
• log_fields - The name of the Log file as known by LEA.
• db_field_name - The Log field name as represented in the database table.
• db_field_type - The Log field type in the database table. This parameter can be one of the following:
  • STRING
  • NUMBER
  • DATE
• db_field_size - The size of the field in the database table. This parameter is required only if the db_field_type is either STRING or NUMBER.

Example Configuration File Example

:db_table_name (fw_log) :db_connection_string (database_service_name) :db_user_name (scott) :db_password (tiger) :log_server_ip_address (127.0.0.1) :log_server_port (18184) :create_db_table (1) :log_file_name (fw.log) :log_fields ( : (time :db_field_name (log_time) :db_field_type (DATE) ) : (product :db_field_name (product) :db_field_type (STRING) :db_field_size (25) ) : (i/f_name :db_field_name (interface) :db_field_type (STRING) :db_field_size (100) ) : (orig :db_field_name (origin) :db_field_type (STRING) :db_field_size (16) ) : (action :db_field_name (action) :db_field_type (STRING) :db_field_size (16) ) : (service :db_field_name (service) :db_field_type (STRING) :db_field_size (40) )