Closed ThreatHunterDiary closed 7 years ago
adepasquale
commented
8 years ago Could you please paste the content of your fw1-loggrabber.conf file?
Here is some relevant documentation: https://github.com/certego/fw1-loggrabber/wiki/Configure-and-run-FW1-LogGrabber#fw1-loggrabberconf-file
ThreatHunterDiary
commented
8 years ago Hi @adepasquale,
Output of my fw1-loggrabber.conf file:
> DEBUG_LEVEL="0"
> FW1_LOGFILE="fw.log"
> FW1_OUTPUT="logs"
> FW1_TYPE="ng"
> FW1_MODE="normal"
> ONLINE_MODE="yes"
> RESOLVE_MODE="no"
> RECORD_SEPARATOR="|"
> DATEFORMAT="std"
> LOGGING_CONFIGURATION=screen
> OUTPUT_FILE_PREFIX="fw1-loggrabber"
> OUTPUT_FILE_ROTATESIZE=1048576
> SYSLOG_FACILITY="LOCAL1"And I have went through your documentation, but couldn't get my head around the all of it. As much I understood I put it in the lea.conf and fw1-loggrabber.conf files.
ThreatHunterDiary
commented
8 years ago Hi @adepasquale
I even tried changing fw1-loggrabber.conf file to:
DEBUG_LEVEL="0" FW1_LOGFILE="fw.log" FW1_OUTPUT="logs" FW1_TYPE="ng" FW1_MODE="normal" ONLINE_MODE="yes" RESOLVE_MODE="no" RECORD_SEPARATOR="|" DATEFORMAT="std" LOGGING_CONFIGURATION=file OUTPUT_FILE_PREFIX="/opt/fw1-loggrabber_files/fw1-loggrabber" OUTPUT_FILE_ROTATESIZE=1048576 SYSLOG_FACILITY="LOCAL1"
still I am not getting anything in there!
Any idea on what could be wrong?
ThreatHunterDiary
commented
7 years ago Hi @adepasquale ,
Got it working.
I'm sure this is not an issue but i am new to this and I did not have anywhere to go for this. So, My question is after successfully running the command
fw1-loggrabber -c fw1-loggrabber.conf -l lea.confi am not getting anything on the console. Where would be the logs coming from Checkpoint firewall will be? How they are stored on the system?I am asking these question because I am planning to forward these logs to Fluentd.