fw fetchlogs

Description

Fetches the specified Security log files ($FWDIR/log/*.log*) or Audit log files ($FWDIR/log/*.adtlog*) from the specified Check Point computer.

Syntax

fw [-d] fetchlogs [-f <Name of Log File 1>] [-f <Name of Log File 2>]... [-f <Name of Log File N>] <Target>

Parameters

Parameter	Description
`-d`	Runs the command in debug mode. Use only if you troubleshoot the command itself.
`-f <`Name of Log File N`>`	Specifies the name of the log file to fetch. Need to specify name only. Notes: If you do not specify the log file name explicitly, the command transfers all Security log files (`$FWDIR/log/.log`) and all Audit log files (`$FWDIR/log/.adtlog`). The specified log file name can include wildcards * and ? (for example, `2017-0?-*.log`). If you enter a wild card, you must enclose it in double quotes or single quotes. You can specify multiple log files in one command. You must use the `-f` parameter for each log file name pattern. This command also transfers the applicable log pointer files.
`<`Target>	Specifies the remote Check Point computer, with which this local Check Point computer has established SIC trust. If you run this command on a Security Management Server or Domain Management Server, then `<`Target`>` is the applicable object's name or main IP address of the Check Point Computer as configured in SmartConsole. If you run this command on a Security Gateway or Cluster Member, then `<`Target`>` is the main IP address of the applicable object as configured in SmartConsole.

Parameter

Description

-d

Runs the command in debug mode.

Use only if you troubleshoot the command itself.

-f <Name of Log File N>

Specifies the name of the log file to fetch. Need to specify name only.

Notes:

If you do not specify the log file name explicitly, the command transfers all Security log files ($FWDIR/log/*.log*) and all Audit log files ($FWDIR/log/*.adtlog*).
The specified log file name can include wildcards * and ? (for example, 2017-0?-*.log). If you enter a wild card, you must enclose it in double quotes or single quotes.
You can specify multiple log files in one command. You must use the -f parameter for each log file name pattern.
This command also transfers the applicable log pointer files.

<Target>

Specifies the remote Check Point computer, with which this local Check Point computer has established SIC trust.

If you run this command on a Security Management Server or Domain Management Server, then <Target> is the applicable object's name or main IP address of the Check Point Computer as configured in SmartConsole.
If you run this command on a Security Gateway or Cluster Member, then <Target> is the main IP address of the applicable object as configured in SmartConsole.

Notes:

This command moves the specified log files from the $FWDIR/log/ directory on the specified Check Point computer. Meaning, it deletes the specified log files on the specified Check Point computer after it copies them successfully.
This command moves the specified log files to the $FWDIR/log/ directory on the local Check Point computer, on which you run this command.
This command cannot fetch the active log files $FWDIR/log/fw.log or $FWDIR/log/fw.adtlog.
To fetch these active log files:
1. Perform log switch on the applicable Check Point computer:
  fw logswitch [-audit] [-h <IP Address or Hostname>]
2. Fetch the rotated log file from the applicable Check Point computer:
  fw fetchlogs -f <Log File Name> <IP Address or Hostname>
This command renames the log files it fetched from the specified Check Point computer. The new log file name is the concatenation of the Check Point computer's name (as configured in SmartConsole), two underscore (_) characters, and the original log file name (for example: MyGW__2018-06-01_000000.log).

Example from a Management Server

[Expert@HostName:0]# fw lslogs MyGW

Size Log file name

23KB 2018-05-16_000000.log

9KB 2018-05-17_000000.log

11KB 2018-05-18_000000.log

5796KB 2018-06-01_000000.log

4610KB fw.log

[Expert@HostName:0]#

[Expert@HostName:0]# fw fetchlogs -f 2018-06-01_000000 MyGW

File fetching in process. It may take some time...

File MyGW__2018-06-01_000000.log was fetched successfully

[Expert@HostName:0]#

[Expert@HostName:0]# ls $FWDIR/log/MyGW*

/opt/CPsuite-R80.20/fw1/log/MyGW__2018-06-01_000000.log

/opt/CPsuite-R80.20/fw1/log/MyGW__2018-06-01_000000.logaccount_ptr

/opt/CPsuite-R80.20/fw1/log/MyGW__2018-06-01_000000.loginitial_ptr

/opt/CPsuite-R80.20/fw1/log/MyGW__2018-06-01_000000.logptr

[Expert@HostName:0]#

[Expert@HostName:0]# fw lslogs MyGW

Size Log file name

23KB 2018-05-16_000000.log

9KB 2018-05-17_000000.log

11KB 2018-05-18_000000.log

4610KB fw.log

[Expert@HostName:0]#