Closed ThreatHunterDiary closed 7 years ago
Could you please paste the content of your fw1-loggrabber.conf file?
Here is some relevant documentation: https://github.com/certego/fw1-loggrabber/wiki/Configure-and-run-FW1-LogGrabber#fw1-loggrabberconf-file
Hi @adepasquale,
Output of my fw1-loggrabber.conf file:
> DEBUG_LEVEL="0"
> FW1_LOGFILE="fw.log"
> FW1_OUTPUT="logs"
> FW1_TYPE="ng"
> FW1_MODE="normal"
> ONLINE_MODE="yes"
> RESOLVE_MODE="no"
> RECORD_SEPARATOR="|"
> DATEFORMAT="std"
> LOGGING_CONFIGURATION=screen
> OUTPUT_FILE_PREFIX="fw1-loggrabber"
> OUTPUT_FILE_ROTATESIZE=1048576
> SYSLOG_FACILITY="LOCAL1"
And I have gone through your documentation, but couldn't get my head around all of it. As much as I understood, I put in the lea.conf and fw1-loggrabber.conf files.
Hi @adepasquale
I even tried changing the fw1-loggrabber.conf file to:
> DEBUG_LEVEL="0"
> FW1_LOGFILE="fw.log"
> FW1_OUTPUT="logs"
> FW1_TYPE="ng"
> FW1_MODE="normal"
> ONLINE_MODE="yes"
> RESOLVE_MODE="no"
> RECORD_SEPARATOR="|"
> DATEFORMAT="std"
> LOGGING_CONFIGURATION=file
> OUTPUT_FILE_PREFIX="/opt/fw1-loggrabber_files/fw1-loggrabber"
> OUTPUT_FILE_ROTATESIZE=1048576
> SYSLOG_FACILITY="LOCAL1"
Still, I am not getting anything in there!
Any idea on what could be wrong?
Hi @adepasquale,
Got it working.
I'm sure this is not an issue, but I am new to this and I did not have anywhere to go for this. So, my question is: after successfully running the command
fw1-loggrabber -c fw1-loggrabber.conf -l lea.conf
I am not getting anything on the console. Where will the logs coming from the Checkpoint firewall be? How are they stored on the system? I am asking these questions because I am planning to forward these logs to Fluentd.