One way to back up your CheckPoint firewall logs to an external host is to run a small script nightly on your SmartCenter using SFTP. The script uses only utilities already included in the CheckPoint Gaia installation. To use it, you need to generate an SSH key pair and add the public key to the authorized keys list on your backup host. It should also work similarly on R80 with minor changes to the paths used in the script and cron command. (At least that’s what a CP engineer at CPX said; I haven’t had the time to test it out yet.)
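The script itself:

```bash
#!/bin/bash
echo "Starting SmartCenter Firewall log backup script"
# Log in with the SSH key and feed the commands below to sftp;
# the sftp output is collected in /tmp/backup.log.
/usr/bin/sftp -o identityfile=/home/*username*/.ssh/id_rsa *firstname.lastname@example.org >/tmp/backup.log<<end
lcd /opt/CPsuite-R77/fw1/log
cd logs
put $(date --date='yesterday' +%Y-%m-%d)*
quit
end
# Print the transfer output so cron can pipe it into the status mail
cat "/tmp/backup.log"
echo "Backup script finished"
```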
The cron command to run the backup script nightly:
```
5 0 * * * . /opt/CPshrd-R77/tmp/.CPprofile.sh && bash /home/*username*/log_backup.sh|/opt/CPsuite-R77/fw1/bin/sendmail -s "SmartCenter log backup output" -t your.mail.server -f email@example.com firstname.lastname@example.org
```
As the above cron command suggests, you need to have nightly log rotation turned on in your SmartCenter properties. Oh yeah, and if you don’t want an e-mail about the status of the backup, you can just comment the echo commands out of the script and replace the part after | in the cron command with the usual redirect to /dev/null.
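The script above prints "Backup script finished" whether or not the transfer worked, and it writes to a fixed file name in /tmp. The following is an added example, not the author's script: a variant that runs sftp in batch mode so a failed `put` gives a non-zero exit status. `BACKUP_TARGET`, `KEY_FILE` and the function names are placeholders chosen here.

```shell
#!/bin/bash
# Added example: hardened variant of the nightly log backup (not the author's script).
# BACKUP_TARGET, KEY_FILE and all function names are placeholders chosen for this example.
LOG_DIR="${LOG_DIR:-/opt/CPsuite-R77/fw1/log}"   # local log directory from the article
REMOTE_DIR="${REMOTE_DIR:-logs}"                 # remote directory from the article
KEY_FILE="${KEY_FILE:-${HOME:-}/.ssh/id_rsa}"
BACKUP_TARGET="${BACKUP_TARGET:-backupuser@backup.example.org}"

# Date prefix of yesterday's rotated logs (GNU date, as in the original script).
yesterday_prefix() { date --date='yesterday' +%Y-%m-%d; }

# Print the sftp batch commands for one date prefix.
build_batch() {
    printf 'lcd %s\ncd %s\nput %s*\nquit\n' "$LOG_DIR" "$REMOTE_DIR" "$1"
}

# Succeed only if at least one local log file starts with the prefix.
has_logs() {
    local f
    for f in "$LOG_DIR/$1"*; do
        [ -e "$f" ] && return 0
    done
    return 1
}

run_backup() {
    local prefix log rc
    prefix="$(yesterday_prefix)"
    if ! has_logs "$prefix"; then
        echo "ERROR: no log files matching ${prefix}* in $LOG_DIR"
        return 2
    fi
    log="$(mktemp /tmp/log_backup.XXXXXX)" || return 3   # no fixed, guessable file name
    # -b - reads the batch from stdin; in batch mode sftp stops at the first failed command.
    build_batch "$prefix" | sftp -b - -o BatchMode=yes \
        -o IdentityFile="$KEY_FILE" "$BACKUP_TARGET" >"$log" 2>&1
    rc=$?
    cat "$log"
    rm -f "$log"
    if [ "$rc" -eq 0 ]; then echo "Backup OK"; else echo "ERROR: sftp exited with status $rc"; fi
    return "$rc"
}

# Transfer only when called with --run, so the functions can be sourced and checked on their own.
if [ "${1:-}" = "--run" ]; then
    run_backup
    exit $?
fi
```

Called with `--run` from the cron entry, a night with no rotated log or a failed transfer shows up as an ERROR line in the mailed output.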