certego / fw1-loggrabber

FW1-Loggrabber is a command-line tool to grab logfiles from remote Checkpoint devices using OPSEC LEA (Log Export API)
GNU General Public License v2.0
53 stars, 35 forks

Ignore Fields #35

Open jamesspi opened 7 years ago

jamesspi commented 7 years ago

Hi,

Could you just confirm - does the "IGNORE_FIELDS" setting take effect before the logs are collected, or once they are written to the log file locally?

If I understood the code correctly, they are filtered out when the opsec connection is initiated, and just aren't sent back to the collecting device - correct?

Thanks, James

adepasquale commented 7 years ago

This part of the code was written by the FW1-LogGrabber v1 original authors.

To me, it looks like the filtering is done on the processing side, once the log files are written locally.
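To make the distinction discussed in this thread concrete, here is an added illustration (not fw1-loggrabber's own code) of client-side IGNORE_FIELDS filtering applied after records have been received: the ignored fields are still transferred over the LEA connection and only dropped when the record is rewritten locally. It assumes the tool's output is one record per line of `key=value` fields joined by a separator (`|` here, an assumed default) and that IGNORE_FIELDS is a comma-separated list of field names; the sample records are constructed.

```python
"""Client-side IGNORE_FIELDS filtering over FW1-LogGrabber-style records.

Added illustration, not fw1-loggrabber's own code. Assumes one record per
line with "key=value" fields joined by a separator (here "|", an assumed
default) and that IGNORE_FIELDS is a comma-separated list of field names.
"""
from typing import Dict, List

# Constructed sample records in the assumed key=value|key=value layout.
SAMPLE_RECORDS = [
    "loc=1|time=21Mar2017 10:00:01|action=accept|orig=10.0.0.1"
    "|src=10.0.0.5|dst=10.0.0.9|proto=tcp|service=443|rule=7",
    "loc=2|time=21Mar2017 10:00:02|action=drop|orig=10.0.0.1"
    "|src=10.0.0.6|dst=10.0.0.9|proto=udp|service=53|rule=12",
]


def parse_ignore_fields(setting: str) -> set:
    """Turn an IGNORE_FIELDS value such as 'loc,proto' into a set of names."""
    return {name.strip() for name in setting.split(",") if name.strip()}


def parse_record(line: str, sep: str = "|") -> Dict[str, str]:
    """Split a received record into an ordered key -> value mapping."""
    fields: Dict[str, str] = {}
    for chunk in line.split(sep):
        if "=" in chunk:
            key, value = chunk.split("=", 1)
            fields[key.strip()] = value
    return fields


def filter_record(line: str, ignore: set, sep: str = "|") -> str:
    """Re-emit the record without ignored fields, preserving field order.

    The full record has already arrived at this point; filtering only
    reduces what is written to the local log file.
    """
    kept = [f"{k}={v}" for k, v in parse_record(line, sep).items()
            if k not in ignore]
    return sep.join(kept)


def filter_records(lines: List[str], setting: str) -> List[str]:
    """Apply an IGNORE_FIELDS setting to every received record."""
    ignore = parse_ignore_fields(setting)
    return [filter_record(line, ignore) for line in lines]


if __name__ == "__main__":
    for out in filter_records(SAMPLE_RECORDS, "loc,proto"):
        print(out)
```

If the maintainer's reading of the code is right, IGNORE_FIELDS reduces stored log volume but not what crosses the network, so it is not a substitute for restricting the fields exported at the LEA server side.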