fw lslogs

Description

Shows a list of Security log files ($FWDIR/log/*.log) and Audit log files ($FWDIR/log/*.adtlog) residing on the local computer or a remote computer.

Syntax

fw [-d] lslogs [-f <Name of Log File 1>] [-f <Name of Log File 2>] ... [-f <Name of Log File N>] [-e] [-r] [-s {name | size | stime | etime}] [<Target>]

Parameters

Parameter

Description

-d

Runs the command in debug mode.

Use only if you troubleshoot the command itself.

Best Practice - If you use this parameter, then redirect the output to a file, or use the script command to save the entire CLI session.

-f <Name of Log File>

Specifies the name of the log file to show. Need to specify name only.

Notes:

If the log file name is not specified explicitly, the command shows all Security log files ($FWDIR/log/*.log).
File names may include * and ? as wildcards (for example, 2019-0?-*). If you enter a wildcard, you must enclose it in double quotes or single quotes.
You can specify multiple log files in one command. You must use the "-f" parameter for each log file name pattern:

-f <Name of Log File 1> -f <Name of Log File 2> ... -f <Name of Log File N>

-e

Shows an extended file list. It includes the following information for each log file:

Size - The total size of the log file and its related pointer files
Creation Time - The time the log file was created
Closing Time - The time the log file was closed
Log File Name - The file name

-r

Reverses the sort order (descending order).

-s {name | size | stime | etime}

Specifies the sort order of the log files using one of the following sort options:

name - The file name
size - The file size
stime - The time the log file was created (this is the default option)
etime - The time the log file was closed

<Target>

Specifies the remote Check Point computer, with which this local Check Point computer has established SIC Secure Internal Communication. The Check Point proprietary mechanism with which Check Point computers that run Check Point software authenticate each other over SSL, for secure communication. This authentication is based on the certificates issued by the ICA on a Check Point Management Server. trust.

If you run this command on a Security Management Server Dedicated Check Point server that runs Check Point software to manage the objects and policies in a Check Point environment within a single management Domain. Synonym: Single-Domain Security Management Server. or Domain Management Server Check Point Single-Domain Security Management Server or a Multi-Domain Security Management Server., then <Target> is the applicable object's name or main IP address of the Check Point Computer as configured in SmartConsole Check Point GUI application used to manage a Check Point environment - configure Security Policies, configure devices, monitor products and events, install updates, and so on..
If you run this command on a Security Gateway Dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources. or Cluster Member Security Gateway that is part of a cluster., then <Target> is the main IP address of the applicable object as configured in SmartConsole.

Example 1 - Default output

[Expert@HostName:0]# fw lslogs

     Size Log file name

         9KB 2019-06-14_000000.log

        11KB 2019-06-15_000000.log

         9KB 2019-06-16_000000.log

        10KB 2019-06-17_000000.log

         9KB fw.log

[Expert@HostName:0]#

Example 2 - Showing all log files

[Expert@HostName:0]# fw lslogs -f "*"

     Size Log file name

         9KB fw.adtlog

         9KB fw.log

         9KB 2019-05-29_000000.adtlog

         9KB 2019-05-29_000000.log

         9KB 2019-05-20_000000.adtlog

         9KB 2019-05-20_000000.log

[Expert@HostName:0]#

Example 3 - Showing only log files specified by the patterns

[Expert@HostName:0]# fw lslogs -f "2019-06-14*" -f '2019-06-15*'

     Size Log file name

         9KB 2019-06-14_000000.adtlog

         9KB 2019-06-14_000000.log

        11KB 2019-06-15_000000.adtlog

        11KB 2019-06-15_000000.log

[Expert@HostName:0]#

Example 4 - Showing only log files specified by the patterns and their extended information

[Expert@HostName:0]# fw lslogs -f "2019-06-14*" -f '2019-06-15*'

     Size Log file name

         9KB 2019-06-14_000000.adtlog

         9KB 2019-06-14_000000.log

        11KB 2019-06-15_000000.adtlog

        11KB 2019-06-15_000000.log

[Expert@HostName:0]#

Example 5 - Showing only log files specified by the patterns, sorting by name in reverse order

[Expert@HostName:0]# fw lslogs -f "2019-06-14*" -f '2019-06-15*' -e -s name -r

     Size Creation Time Closing Time Log file name

        11KB 14Jun2018 0:00:00 15Jun2018 0:00:00 2019-06-15_000000.log

        11KB 14Jun2018 0:00:00 15Jun2018 0:00:00 2019-06-15_000000.adtlog

         9KB 13Jun2018 18:23:59 14Jun2018 0:00:00 2019-06-14_000000.log

         9KB 13Jun2018 0:00:00 14Jun2018 0:00:00 2019-06-14_000000.adtlog

[Expert@HostName:0]#

Example 6 - Showing only log files specified by the patterns, from a managed Security Gateway with main IP address 192.168.3.53

[Expert@MGMT:0]# fw lslogs -f "2019-06-14*" -f '2019-06-15*' 192.168.3.53

     Size Log file name

        11KB 2019-06-15_000000.adtlog

        11KB 2019-06-15_000000.log

         9KB 2019-06-14_000000.log

         9KB 2019-06-14_000000.adtlog

[Expert@MGMT:0]#