fw

Description

  • Performs various operations on Security or Audit log files.

  • Kills the specified Check Point processes.

  • Manages the Suspicious Activity Monitoring (SAM) rules.

  • Manages the Suspicious Activity Policy editor.

Syntax

fw [-d]

      fetchlogs <options>

      hastat <options>

      kill <options>

      log <options>

      logswitch <options>

      lslogs <options>

      mergefiles <options>

      repairlog <options>

      sam <options>

      sam_policy <options>

Parameters

Parameter

Description

-d

Runs the command in debug mode.

Use only if you troubleshoot the command itself.

Best Practice - If you use this parameter, then redirect the output to a file, or use the script command to save the entire CLI session.

fetchlogs <options>

Fetches the specified Check Point log files - Security ($FWDIR/log/*.log*) or Audit ($FWDIR/log/*.adtlog*), from the specified Check Point computer.

See fw fetchlogs.

hastat <options>

Shows information about Check Point computers in High Availability configuration and their states.

See fw hastat.

kill <options>

Kills the specified Check Point process.

See fw kill.

log <options>

Shows the content of Check Point log files - Security ($FWDIR/log/*.log) or Audit ($FWDIR/log/*.adtlog).

See fw log.

logswitch <options>

Switches the current active Check Point log file - Security ($FWDIR/log/fw.log) or Audit ($FWDIR/log/fw.adtlog).

See fw logswitch.

lslogs <options>

Shows a list of Check Point log files - Security ($FWDIR/log/*.log*) or Audit ($FWDIR/log/*.adtlog*), located on the local computer or a remote computer.

See fw lslogs.

mergefiles <options>

Merges several Check Point log files - Security ($FWDIR/log/*.log) or Audit ($FWDIR/log/*.adtlog), into a single log file.

See fw mergefiles.

repairlog <options>

Rebuilds pointer files for Check Point log files - Security ($FWDIR/log/*.log) or Audit ($FWDIR/log/*.adtlog).

See fw repairlog.

sam <options>

Manages the Suspicious Activity Monitoring (SAM) rules.

See fw sam.

sam_policy <options>

or

samp <options>

Manages the Suspicious Activity Policy editor that works with these type of rules:

  • Suspicious Activity Monitoring (SAM) rules.

  • Rate Limiting rules.

See fw sam_policy.