Logs in Milliseconds

Many users export logs to third parties. In some cases, the log volume is so high that several logs arrive within the same second. To reconstruct a chain of events from the arrival times, you must know the exact order in which the logs arrived. You can now send the time of arrival in a format that includes milliseconds.

Logs in milliseconds is intended for customers who:

  • Use Log Exporter.

  • Have environments with high logging rates.

This feature is disabled by default.

To control the feature on the Security Gateway side:

Note – This procedure restarts the FWD process.

  1. Connect to the command line on the Security Gateway / each Cluster Member.

  2. Log in to the Expert mode.

  3. Go to the $FWDIR/scripts/ directory:

    cd $FWDIR/scripts/

  4. Run the script with the applicable parameter:

    enable_disable_time_in_milli.sh {1 | 0}

    • To enable the feature, run the script with the value 1.

    • To disable the feature, run the script with the value 0.

To control the feature on the Log Server side:

  1. Connect to the command line on the Log Server.

  2. Log in to the Expert mode.

  3. To create a new exporter to export logs with the milliseconds format, run these commands:

    cp_log_export add name <Name of Exporter> target-server <IP Address of Target Server> target-port <Port Number on Target Server> protocol {tcp | udp} time-in-milli {true | false}

    cp_log_export restart name <Name of Exporter>

  4. To modify an existing exporter to export logs with the milliseconds format, run these commands:

    cp_log_export set name <Name of Exporter> time-in-milli {true | false}

    cp_log_export restart name <Name of Exporter>

After Log Exporter is configured to export logs in milliseconds, an additional milliseconds field is added to the time field.

Logs from Security Gateways without this feature enabled are exported with the value 000 for the additional time field.
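
On the receiving side, the 000 value matters when a timeline is rebuilt: events from a Security Gateway without the feature enabled cannot be ordered within a second. The following is an added example, not Check Point code; the key=value line layout, the 13-digit epoch-millisecond `time` value, and the origin names `gw-a` and `gw-b` are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines. The key=value layout and the 13-digit epoch
# "time" value are assumptions; adapt LINE_RE to what your exporter emits.
SAMPLE = """\
time=1700000000412 origin=gw-a action=Accept
time=1700000000000 origin=gw-b action=Drop
time=1700000000087 origin=gw-a action=Accept
time=1700000001000 origin=gw-b action=Accept
time=1700000001000 origin=gw-a action=Drop
"""

LINE_RE = re.compile(r"time=(\d{13}) origin=(\S+) action=(\S+)")

def parse(text):
    """Return a list of dicts with the timestamp split into second and ms."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.fullmatch(line.strip())
        if not m:
            continue  # skip lines that do not match the assumed layout
        ts = int(m.group(1))
        events.append({"sec": ts // 1000, "ms": ts % 1000,
                       "origin": m.group(2), "action": m.group(3)})
    return events

def origins_without_millis(events, min_events=2):
    """Origins whose every event has ms == 000: feature likely disabled.

    A single 000 proves nothing (a real event can land on it), so an
    origin is reported only if it has at least min_events, all at 000.
    """
    by_origin = defaultdict(list)
    for e in events:
        by_origin[e["origin"]].append(e["ms"])
    return {o for o, ms in by_origin.items()
            if len(ms) >= min_events and not any(ms)}

def timeline(events):
    """Sort by (sec, ms); the last tuple item marks unknown in-second order."""
    coarse = origins_without_millis(events)
    per_sec = defaultdict(int)
    for e in events:
        per_sec[e["sec"]] += 1
    ordered = sorted(events, key=lambda e: (e["sec"], e["ms"]))
    return [(e["sec"], e["ms"], e["origin"],
             e["origin"] in coarse and per_sec[e["sec"]] > 1)
            for e in ordered]
```

Events flagged `True` share a second with other events and come from an origin that only ever reports 000, so their position inside that second should not be used as evidence of ordering.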