Do you know that Checkpoint stores its logs in binary format? The logs are only decoded into a readable format when they are opened by the SmartTracker program, which comes with the Checkpoint R70 software.

Alternatively, you can use a commercial product such as “ManageEngine – Firewall Analyzer” or “Sawmill” to read the log file.

What happens if you don't have the money to buy that software and need to investigate a security event that occurred recently in your organization?

You can still use the Checkpoint “fwm logexport” command to convert the binary log file into a readable (ASCII) format.

Follow the steps below to convert your file.

Steps

1. Log in to your Checkpoint R70 via SSH and enter expert mode.

2. Go to the directory where your log files are kept.

3. Issue the command below:

“fwm logexport -i 2009-11-03_235900.log -o 2009-11-03_235900_read.log -p”

4. A new file “2009-11-03_235900_read.log” should now exist in your current directory. Use cat or vi to read it.

Where:

“-i” is your input log file, which is in binary format.

“-o” is your output log file, which will be in readable format.

“-p” prevents port numbers from being resolved, so they stay numeric in the output.
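Once the log has been exported, the investigation itself is just text processing. The following is an added example (not from the original post and not Checkpoint's own code) that parses an exported log and summarises dropped connections per source. It assumes the export is a header line of field names followed by one record per line, with fields separated by “;” (the field names and the sample records below are constructed for illustration, and the “service” column is numeric because the export was made with “-p”).

```python
import csv
from collections import Counter
from io import StringIO

# Constructed sample of an exported log (assumption: header line of field
# names, then one ';'-delimited record per line). Not real firewall data.
SAMPLE_EXPORT = """\
num;date;time;orig;type;action;i/f_name;i/f_dir;src;s_port;dst;service;proto;rule
0;3Nov2009;23:58:01;10.0.0.1;log;accept;eth0;inbound;192.0.2.10;51234;10.1.1.5;443;tcp;7
1;3Nov2009;23:58:02;10.0.0.1;log;drop;eth0;inbound;198.51.100.7;40001;10.1.1.5;22;tcp;99
2;3Nov2009;23:58:03;10.0.0.1;log;drop;eth0;inbound;198.51.100.7;40002;10.1.1.5;23;tcp;99
3;3Nov2009;23:58:04;10.0.0.1;log;drop;eth0;inbound;198.51.100.7;40003;10.1.1.5;3389;tcp;99
4;3Nov2009;23:58:05;10.0.0.1;log;accept;eth0;inbound;192.0.2.11;51300;10.1.1.8;80;tcp;7
5;3Nov2009;23:58:06;10.0.0.1;log;drop;eth0;inbound;203.0.113.9;6000;10.1.1.5;445;tcp;99
"""


def parse_export(text, delimiter=";"):
    """Parse exported log text into a list of dicts keyed by the header's field names."""
    return list(csv.DictReader(StringIO(text), delimiter=delimiter))


def drops_by_source(records):
    """Count records with action 'drop' per source IP, most active first."""
    return Counter(r["src"] for r in records if r["action"] == "drop")


def ports_touched(records, src):
    """Distinct destination ports one source was seen on (numeric thanks to -p)."""
    return sorted({int(r["service"]) for r in records if r["src"] == src})


def summarise(text):
    """Return (top dropped sources, ports per dropped source) for an exported log."""
    records = parse_export(text)
    drops = drops_by_source(records)
    return drops.most_common(), {src: ports_touched(records, src) for src in drops}


if __name__ == "__main__":
    top, ports = summarise(SAMPLE_EXPORT)
    for src, count in top:
        print(f"{src}: {count} drops, ports {ports[src]}")
```

To run it against a real export, read the file produced by “fwm logexport” with open(...).read() and pass the text to summarise(); a source with many drops across many distinct ports is the kind of pattern worth a closer look during an incident review.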
