Support Center > Search Results > SecureKnowledge Details
How to read a Check Point log file in its native format
Solution

Occasionally, a Check Point VPN-1 log file will be transferred from one system to another, usually for the purposes of troubleshooting. These native log files cannot be opened using NotePad or Wordpad.  Here is how to extract the file into readable format:

First, you will need to transfer this file to the $FWDIR/log directory.

Since the log pointer files are not required to be kept, but are required to read/export the logs, we need to regenerate them:

fw repairlog <Log File Name>

This will create the associated pointer files:

<Log File Name>.log              

<Log File Name>.logLuuidDB

<Log File Name>.logaccount_ptr

<Log File Name>.loginitial_ptr

<Log File Name>.logptr

Then you can either read the log natively:

fw log <Log File Name>

or, alternatively,  export the logfile:

fwm logexport -n -p -i <Log File Name> -o <Output File Name>

The -n and -p switches instruct logexport to skp resolution of IP addresses and TCP/UDP ports in the resulting exported file. Depending on your OS you might need to explicity specify the path to the input file and output file for this step,

Related Solutions:

sk65298: fwm log export fails with following error message: "10766 File size limit exceeded"

Imported from Nokia support database

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment