How to control/check CheckPoint rules changes (and another System events)

Posted by user35115 on Server Fault See other posts from Server Fault or by user35115
Published on 2010-02-26T08:19:47Z Indexed on 2010/06/16 7:33 UTC
Read the original article Hit count: 191

Filed under:
|
|
|
|

I need to check/control all system events on many CheckPoint FW1 - don't misunderstand - not rules triggering, but events such admins log on, rules changes and etc.

I found out that I can make an log export using 2 methods:

  1. Grab logs
  2. Use special script that redirect Checkpoint log entries to syslog, FW1-Loggrabber

But it's not clear for me does such logs also contain information that i need (admins log on, rules changes)? And If yes is it possible to filter events?

I also suppose, that if system bases on *nix platform it must be a ploy - use based functions of the system to do what i want. Unfortunately i don't know where to "dig". May be you know?

Updated: New info "FW-1 can pipe its logs to syslog via Unix's logger command, and there are third party log-reading utilities"

So, the main question is how do my task in the best way? Has anybody already resolved such problem?

P.S. I' m new with CheckPoint, so all information will be useful for me. Thank you.

© Server Fault or respective owner

Related posts about firewall

Related posts about event-log