I need to check/control all system events on many CheckPoint FW1 - don't misunderstand - not rules triggering, but events such admins log on, rules changes and etc.
I found out that I can make an log export using 2 methods:
- Grab logs
- Use special script that redirect Checkpoint log entries to syslog, FW1-Loggrabber
But it's not clear for me does such logs also contain information that i need (admins log on, rules changes)? And If yes is it possible to filter events?
I also suppose, that if system bases on *nix platform it must be a ploy - use based functions of the system to do what i want. Unfortunately i don't know where to "dig". May be you know?
Updated: New info "FW-1 can pipe its logs to syslog via Unix's logger
command, and there are third party log-reading utilities"
So, the main question is how do my task in the best way? Has anybody already resolved such problem?
P.S. I' m new with CheckPoint, so all information will be useful for me. Thank you.