Network Security Security-Basics

Re: Checkpoint Fw1 syslog logging. Any solution ?

Subject: Re: Checkpoint Fw1 syslog logging. Any solution ?
Date: Mon, 26 Sep 2005 13:24:35 -0400
I have cooked up a solution (sorry, this is only for Linux/Unix type servers as it is based on logger, unless you want to install cygwin on your Windows server and run this script via the cygwin shell). Hope this may help others. You can fine-tune the fw log -f -t ... command in the script below to suit your needs.

To start
/etc/init.d/checkpoint_fwlogs start
To stop
/etc/init.d/checkpoint_fwlogs stop

-------------------------------------------------------------------------

(*)Boot script (put under /etc/init.d/checkpoint_fwlogs , run chkconfig etc)
-------------------------------------------------------------------------
#!/bin/sh
# rajeev@rajeevnet.com (Sept/22/2005)
# chkconfig: - 99 30
# description: This is a checkpoint logger to syslog

#- Logger
LOGGER="/usr/bin/logger"
#- Local command errors go to this file
LOCAL_ERRORS="/var/log/checkpoint_fw.log"
#- Syslog Facility
FACILITY="user"
#- Syslog Level
LEVEL="alert"
#--- If you want to collect these logs in a different file on your
#--- syslog server, define something like the line below in syslog.conf.
#--- Assuming the user.alert syslog facility:
#user.alert    /var/log/checkpoint_fw.log

##--- No need to modify below this ------------------------##
#- Check if any other fw log process is running (may return several PIDs)
OLD_PID=`ps -ef | grep "fw log" | grep -v grep | awk '{print $2}'`

case "$1" in
'start')
        if [ -n "$OLD_PID" ]; then
                echo "!!!------------------------------------------!!!!!"
                echo " ALERT:: Another log process is running with pid $OLD_PID . First kill that process. Exiting..."
                echo "!!!------------------------------------------!!!!!"
                exit 1
        fi
        echo "Sending Checkpoint logs to syslog .."
        #- Throw all logs to syslog. FWDIR must be set in the environment
        #- (the Check Point installation directory).
        $FWDIR/bin/fw log -f -t -l -o 2>>"$LOCAL_ERRORS" | $LOGGER -p $FACILITY.$LEVEL >/dev/null 2>&1 &
        ;;

'stop')
        if [ -n "$OLD_PID" ]; then
                echo "Killing fw log process with PID $OLD_PID"
                #- Unquoted on purpose: kill every PID found above
                kill $OLD_PID
        fi
        echo "Stopped ......"
        ;;

*)      echo "Usage: $0 { start | stop }"
        ;;

esac
------------------------------------------------------------------------------

Hope this helps.

Rajeev K.

contrera@eig.unige.ch wrote:
Hi,

I need to redirect my checkpoint firewall logs to a syslog server.

I've found the following URL that describes a trick for being able to redirect
the fw1 log to syslog, but it works only on Linux:
http://wyae.de/docs/fw1syslog.php

My checkpoint host is on Windows so I can't use this.
Does anyone know a solution for a Windows host?

Thanks a lot

