Parsing CheckPoint Archive logs without "FW" tool

New Member

I have checkpoint archived logs stored in a binary format as described here :

can Splunk parse these files directly somehow ?

Instead of using the FW tool to convert them into CSV format and then import them to splunk.

I want to do that because my logs are much bigger than 2GB and the FW tool can only output 2GB at a time.

Many thanks in advance.

Tim Brewer

0 Karma

Splunk Employee
Splunk Employee

Hi Tim,

No, Splunk cannot parse your binary log files. You need to either:

1 Export the logs from the management server using the fw logexport command
2. Setup the OPSEC LEA connector -

The second option is the recommended approach, as this will give you a continued feed of logs into your Splunk platform for analysis.