fw fetchlogs

Description

Fetches the specified Security log files ($FWDIR/log/*.log*) or Audit log files ($FWDIR/log/*.adtlog*) from the specified Check Point computer.

Syntax

fw [-d] fetchlogs [-f <Name of Log File 1>] [-f <Name of Log File 2>]... [-f <Name of Log File N>] <Target>

Parameters

Parameter

Description

-d

Runs the command in debug mode.

Use only if you troubleshoot the command itself.

Best Practice - If you use this parameter, then redirect the output to a file, or use the script command to save the entire CLI session.

-f <Name of Log File N>

Specifies the name of the log file to fetch. Specify the file name only.

Notes:

  • If you do not specify the log file name explicitly, the command transfers all Security log files ($FWDIR/log/*.log*) and all Audit log files ($FWDIR/log/*.adtlog*).

  • The specified log file name can include wildcards * and ? (for example, 2017-0?-*.log).

    If you enter a wildcard, you must enclose it in double quotes or single quotes.

  • You can specify multiple log files in one command.

    You must use the -f parameter for each log file name pattern.

  • This command also transfers the applicable log pointer files.

<Target>

Specifies the remote Check Point computer, with which this local Check Point computer has established SIC (Secure Internal Communication) trust. SIC is the Check Point proprietary mechanism with which Check Point computers that run Check Point software authenticate each other over SSL, for secure communication. This authentication is based on the certificates issued by the ICA on a Check Point Management Server.

Notes:

  • This command moves the specified log files from the $FWDIR/log/ directory on the specified Check Point computer. Meaning, it deletes the specified log files on the specified Check Point computer after it copies them successfully.

  • This command moves the specified log files to the $FWDIR/log/ directory on the local Check Point computer, on which you run this command.

  • This command cannot fetch the active log files $FWDIR/log/fw.log or $FWDIR/log/fw.adtlog.

    To fetch these active log files:

    1. Perform log switch on the applicable Check Point computer:

      fw logswitch [-audit] [-h <IP Address or Hostname>]

    2. Fetch the rotated log file from the applicable Check Point computer:

      fw fetchlogs -f <Log File Name> <IP Address or Hostname>

  • This command renames the log files it fetched from the specified Check Point computer. The new log file name is the concatenation of the Check Point computer's name (as configured in SmartConsole), two underscore (_) characters, and the original log file name (for example: MyGW__2019-06-01_000000.log).

Example - Fetching log files from a Management Server

[Expert@HostName:0]# fw lslogs MyGW
     Size Log file name
        23KB 2019-05-16_000000.log
         9KB 2019-05-17_000000.log
        11KB 2019-05-18_000000.log
      5796KB 2019-06-01_000000.log
      4610KB fw.log
[Expert@HostName:0]#
 
[Expert@HostName:0]# fw fetchlogs -f 2019-06-01_000000 MyGW
File fetching in process. It may take some time...
File MyGW__2019-06-01_000000.log was fetched successfully
[Expert@HostName:0]#
 
[Expert@HostName:0]# ls $FWDIR/log/MyGW*
/opt/CPsuite-R80.40/fw1/log/MyGW__2019-06-01_000000.log
/opt/CPsuite-R80.40/fw1/log/MyGW__2019-06-01_000000.logaccount_ptr
/opt/CPsuite-R80.40/fw1/log/MyGW__2019-06-01_000000.loginitial_ptr
/opt/CPsuite-R80.40/fw1/log/MyGW__2019-06-01_000000.logptr
[Expert@HostName:0]#
 
[Expert@HostName:0]# fw lslogs MyGW
     Size Log file name
        23KB 2019-05-16_000000.log
         9KB 2019-05-17_000000.log
        11KB 2019-05-18_000000.log
      4610KB fw.log
[Expert@HostName:0]#
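
Because fw fetchlogs moves the files and renames them, it helps to plan the fetch from the fw lslogs listing and to verify each file after it arrives. The script below is an added example, not Check Point code: the function names are hypothetical, and it assumes the fw lslogs output format shown above and that the Target is given by its SmartConsole name.

```shell
#!/bin/sh
# Added example, not Check Point code; all function names are hypothetical.
# Assumes `fw lslogs <Target>` prints "<size>KB <file name>" rows as in the
# example on this page, and that the Target is given by its SmartConsole name.

# Sample input: the `fw lslogs MyGW` output from the example on this page.
sample_lslogs() {
cat <<'EOF'
     Size Log file name
        23KB 2019-05-16_000000.log
         9KB 2019-05-17_000000.log
        11KB 2019-05-18_000000.log
      5796KB 2019-06-01_000000.log
      4610KB fw.log
EOF
}

# Read lslogs output on stdin; print the rotated log names. The active files
# fw.log and fw.adtlog are skipped because fw fetchlogs cannot fetch them.
rotated_logs() {
    awk '$1 ~ /^[0-9]+KB$/ && $2 != "fw.log" && $2 != "fw.adtlog" { print $2 }'
}

# Name the file gets on the local computer: <Target name>__<original name>.
local_name() {
    printf '%s__%s\n' "$1" "$2"
}

# Dry run: print one fetch command per rotated log, with the local name it
# will have afterwards. Usage: fw lslogs MyGW | plan_fetch MyGW
plan_fetch() {
    rotated_logs | while read -r name; do
        printf "fw fetchlogs -f '%s' %s   # -> %s\n" \
            "$name" "$1" "$(local_name "$1" "$name")"
    done
}

# After a fetch the source copy is gone, so confirm that the renamed file is
# present and non-empty locally and record its SHA-256.
# Usage: verify_fetched "$FWDIR/log" MyGW 2019-06-01_000000.log
verify_fetched() {
    f=$1/$(local_name "$2" "$3")
    [ -s "$f" ] || { echo "missing or empty: $f" >&2; return 1; }
    sha256sum "$f"
}

sample_lslogs | plan_fetch MyGW   # prints the plan for the sample listing
```

plan_fetch only prints commands; review the list before you run any of them, because each fetch deletes the file on the Target.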