One way to back up your CheckPoint firewall logs to an external host is to run a little script nightly in your SmartCenter using SFTP. The script uses all utilities already included in the CheckPoint Gaia installation.  To use it you need to generate a ssh key pair, have the public key on the authorized keys list on your backup host. It should also work similarly on R80 with minor changes to the path’s used in the script and cron command. (At least thats what a CP engineer at CPX said, haven’t had the time to test it out yet.)

The script it self:

 #!/bin/bash
 echo "Starting SmartCenter Firewall log backup script"
 /usr/bin/sftp -o identityfile=/home/*username*/.ssh/id_rsa *user*@backup.host >/tmp/backup.log<<end
 lcd /opt/CPsuite-R77/fw1/log
 cd logs
 put $(date --date='yesterday' +%Y-%m-%d)*
 quit
 end
 cat "/tmp/backup.log"
 echo "Backup script finished"

The cron command to run the backup script nightly:

5 0 * * * . /opt/CPshrd-R77/tmp/.CPprofile.sh && bash /home/*username*/log_backup.sh|/opt/CPsuite-R77/fw1/bin/sendmail -s "SmartCenter log backup output" -t your.mail.server -f username@yoursmartcenter.host youraddress@domain.host

As the above cron command suggests you need to have nightly log rotation turned on in your SmartCenter properties. Oh yea and if you don’t want an e-mail about the status of the backup. Well you can just comment the echo commands out of the script and replace the parts after | in the cron command with the regular send to /dev/null.