Convert Checkpoint R70 Binary file to readable format

Did you know that Checkpoint stores its logs in binary format? They are only decoded into a readable format when opened by the SmartTracker program, which comes with the Checkpoint R70 software.

Alternatively, you can use other commercial products such as “ManageEngine – Firewall Analyzer” and “Sawmill” to read the log file.

What if you don't have the money to buy that software and need to investigate a security event that occurred recently in your organization?

You can still use the Checkpoint “fwm logexport” command to convert the binary log file to a readable format, such as ASCII.

Follow the steps below to convert your file.

Steps

1. Log in to your Checkpoint R70 in expert mode via SSH.

2. Go to the directory where your log files are kept.

3. Issue the command below:

fwm logexport -i 2009-11-03_235900.log -o 2009-11-03_235900_read.log -p

4. A new file, “2009-11-03_235900_read.log”, should now exist in your current directory. Use a command such as cat or vi to read the file.

Where:

“-i” is your input log file, which is in binary format.

“-o” is your output log file, which will be in readable format.

“-p” prevents the port number from being resolved.
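
Once the log is exported, a first triage pass for an investigation can be scripted. The script below is an added example, not part of the original post: it counts dropped connections per source and service in the exported file. It assumes the export is semicolon-delimited with a header line containing columns named "action", "src" and "service"; check the first line of your own file and adjust the names if they differ.

```shell
#!/bin/sh
# Added example: summarize an ASCII log produced by "fwm logexport".
# Assumptions (not from the original post): fields are separated by ';',
# the first line is a header naming the columns, and the header contains
# columns called "action", "src" and "service".

# top_dropped FILE: print "count src service" for every dropped connection,
# most frequent first. Columns are located by name from the header line,
# so the function does not depend on column order.
top_dropped() {
    awk -F';' '
        NR == 1 {
            for (i = 1; i <= NF; i++) col[$i] = i
            if (!("action" in col) || !("src" in col) || !("service" in col)) {
                print "expected columns missing from header" > "/dev/stderr"
                exit 2
            }
            a = col["action"]; s = col["src"]; v = col["service"]
            next
        }
        tolower($a) == "drop" { hits[$s " " $v]++ }
        END { for (k in hits) print hits[k], k }
    ' "$1" | sort -k1,1nr -k2,2
}

# Constructed sample in the assumed export layout (not real log data).
write_sample() {
    cat > "$1" <<'EOF'
num;date;time;orig;action;src;dst;proto;service
0;3Nov2009;23:59:01;fw1;accept;10.0.0.5;192.0.2.10;tcp;80
1;3Nov2009;23:59:02;fw1;drop;198.51.100.7;192.0.2.10;tcp;22
2;3Nov2009;23:59:03;fw1;drop;198.51.100.7;192.0.2.10;tcp;22
3;3Nov2009;23:59:04;fw1;drop;203.0.113.9;192.0.2.10;tcp;3389
EOF
}

sample=$(mktemp)
write_sample "$sample"
top_dropped "$sample"
rm -f "$sample"
```

To run it against a real export, call top_dropped with the file written by “-o”, for example top_dropped 2009-11-03_235900_read.log.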
