fw logswitch

Description

Switches the current active log file:

Closes the current active log file
Renames the current active log file
Creates a new active log file with the default name

Notes:

By default, this command switches the active Security log file - $FWDIR/log/fw.log
You can specify to switch the active Audit log file - $FWDIR/log/fw.adtlog

Syntax

fw [-d] logswitch

[-audit] [<Name of Switched Log>]

-h <Target> [[+ | -]<Name of Switched Log>]

Parameters

Parameter

Description

-d

Runs the command in debug mode.

Use only if you troubleshoot the command itself.

Best Practice - If you use this parameter, then redirect the output to a file, or use the script command to save the entire CLI session.

-audit

Specifies to switch the active Audit log file ($FWDIR/log/fw.adtlog).

You can use this parameter only on a Management Server Check Point Single-Domain Security Management Server or a Multi-Domain Security Management Server..

-h <Target>

Specifies the remote computer, on which to switch the log.

Notes:

The local and the remote computers must have established SIC Secure Internal Communication. The Check Point proprietary mechanism with which Check Point computers that run Check Point software authenticate each other over SSL, for secure communication. This authentication is based on the certificates issued by the ICA on a Check Point Management Server. trust.
The remote computer can be a Security Gateway Dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources., a Log Server Dedicated Check Point server that runs Check Point software to store and process logs., or a Security Management Server Dedicated Check Point server that runs Check Point software to manage the objects and policies in a Check Point environment within a single management Domain. Synonym: Single-Domain Security Management Server. in High Availability deployment.
You can specify the remote managed computer by its main IP address or Object Name as configured in SmartConsole Check Point GUI application used to manage a Check Point environment - configure Security Policies, configure devices, monitor products and events, install updates, and so on..

<Name of Switched Log>

Specifies the name of the switched log file.

Notes:

If you do not specify this parameter, then a default name is:

<YYYY-MM-DD_HHMMSS>.log

<YYYY-MM-DD_HHMMSS>.adtlog

For example, 2018-03-26_174455.log
If you specify the name of the switched log file, then the name of the switch log file is:

<Specified_Log_Name>.log

<Specified_Log_Name>.adtlog
The log switch operation fails if the specified name for the switched log matches the name of an existing log file.
The maximal length of the specified name of the switched log file is 230 characters.

+

Specifies to copy the active log from the remote computer to the local computer.

Notes:

If you specify the name of the switched log file, you must write it immediately after this + (plus) parameter.
The command copies the active log from the remote computer and saves it in the $FWDIR/log/ directory on the local computer.
The default name of the saved log file is:

<Gateway_Object_Name>__<YYYY-MM-DD_HHMMSS>.log

For example, MyGW__2018-03-26_174455.log
If you specify the name of the switched log file, then the name of the saved log file is:

<Gateway_Object_Name>__<Specified_Log_Name>.log
When this command copies the log file from the remote computer, it compresses the file.

-

Specifies to transfer the active log from the remote computer to the local computer.

Notes:

The command saves the copied active log file in the $FWDIR/log/ directory on the local computer and then deletes the switched log file on the remote computer.
If you specify the name of the switched log file, you must write it immediately after this - (minus) parameter.
The default name of the saved log file is:

<Gateway_Object_Name>__<YYYY-MM-DD_HHMMSS>.log

For example, MyGW__2018-03-26_174455.log
If you specify the name of the switched log file, then the name of the saved log file is:

<Gateway_Object_Name>__<Specified_Log_Name>.log
When this command transfers the log file from the remote computer, it compresses the file.
As an alternative, you can use the fw fetchlogs command.

Compression

When this command transfers the log files from the remote computer, it compresses the file with the gzip command (see RFC 1950 to RFC 1952 for details). The algorithm is a variation of LZ77 method. The compression ratio varies with the content of the log file and is difficult to predict. Binary data are not compressed. Text data, such as user names and URLs, are compressed.