How to read a Check Point log file in its native format
Occasionally, a Check Point VPN-1 log file will be transferred from one system to another, usually for the purposes of troubleshooting. These native log files cannot be opened using Notepad or WordPad. Here is how to extract the file into a readable format:
First, you will need to transfer this file to the $FWDIR/log directory.
The log pointer files are not required to be kept with the log, but they are required to read or export it, so we need to regenerate them:
fw repairlog <Log File Name>
This will create the associated pointer files:
<Log File Name>.log
<Log File Name>.logLuuidDB
<Log File Name>.logaccount_ptr
<Log File Name>.loginitial_ptr
<Log File Name>.logptr
Then you can either read the log natively:
fw log <Log File Name>
or, alternatively, export the logfile:
fwm logexport -n -p -i <Log File Name> -o <Output File Name>
The -n and -p switches instruct logexport to skip resolution of the IP addresses and TCP/UDP ports in the resulting exported file. Depending on your OS, you might need to explicitly specify the path to the input file and output file for this step.
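The steps above wrapped in one shell function, as an added example that is not part of the original article or of Check Point's tooling. The function name cp_log_export and the refusal to overwrite a file already present in $FWDIR/log are assumptions of this example; the fw and fwm invocations are the ones given above.

```shell
#!/bin/sh
# Added example, not Check Point code. cp_log_export is a hypothetical helper
# name; only "fw repairlog" and "fwm logexport -n -p -i ... -o ..." come from
# the procedure above.
cp_log_export() {
    src=$1; out=$2
    if [ -z "$src" ] || [ -z "$out" ]; then
        echo "usage: cp_log_export <log file> <output file>" >&2; return 2
    fi
    if [ -z "$FWDIR" ] || [ ! -d "$FWDIR/log" ]; then
        echo "\$FWDIR/log not found" >&2; return 3
    fi
    [ -f "$src" ] || { echo "no such log file: $src" >&2; return 4; }

    # Absolute output path, because the commands below run from $FWDIR/log.
    case $out in /*) ;; *) out="$PWD/$out" ;; esac

    name=$(basename "$src")
    dest="$FWDIR/log/$name"
    srcdir=$(cd "$(dirname "$src")" && pwd -P)
    logdir=$(cd "$FWDIR/log" && pwd -P)
    if [ "$srcdir" != "$logdir" ]; then
        # Never replace a log that already lives on this host (e.g. fw.log).
        if [ -e "$dest" ]; then
            echo "refusing to overwrite $dest" >&2; return 5
        fi
        cp -p "$src" "$dest" || return 6
    fi

    (
        cd "$FWDIR/log" || exit 6
        fw repairlog "$name" || exit 7      # regenerate the pointer files
        # -n / -p: skip IP address and port resolution, as described above;
        # the input and output files are given by explicit absolute path.
        fwm logexport -n -p -i "$dest" -o "$out" || exit 8
    ) || return $?

    [ -s "$out" ] || { echo "export is empty: $out" >&2; return 9; }
    echo "$out"
}

# Run directly as: sh cp_log_export.sh <log file> <output file>
if [ "$#" -eq 2 ]; then cp_log_export "$@"; fi
```

The function prints the path of the exported file on success and returns a distinct non-zero status for each step that fails.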
sk65298: fwm log export fails with following error message: "10766 File size limit exceeded"
Imported from Nokia support database