I have Check Point archived logs stored in a binary format as described here:
Can Splunk parse these files directly somehow?
Instead of using the FW tool to convert them into CSV format and then importing them into Splunk.
I want to do that because my logs are much bigger than 2GB and the FW tool can only output 2GB at a time.
Many thanks in advance.
No, Splunk cannot parse your binary log files. You need to either:
1. Export the logs from the management server using the fw logexport command
2. Set up the OPSEC LEA connector - https://splunkbase.splunk.com/app/1454/
The second option is the recommended approach, as this will give you a continued feed of logs into your Splunk platform for analysis.
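As an added example (not code from the original thread, and not a Splunk or Check Point tool), here is a small Python converter for the first option. It assumes fw logexport output looks like one header line of field names followed by one record per line, separated by ';' (the delimiter can be changed with its -d flag; both points are assumptions, not confirmed by the thread). The sample export embedded below is constructed. It renders each record as a single-line key=value event with the date and time first, so Splunk's default timestamp and KV extraction work without a custom props.conf, and it writes the result into files capped at a configurable size, which is convenient when each archived log file is exported separately and the results are staged in a directory monitored by a forwarder.

```python
"""Convert fw logexport delimited output into Splunk-friendly key=value
events and write them into size-capped files.

Assumptions (not confirmed by the original thread):
- fw logexport emits one header line of field names, then one record per
  line, using ';' as the default delimiter.
- Embedded delimiters inside values are not handled beyond what Python's
  csv module does with quoting.
"""
import csv
import io
import os
import tempfile
from typing import Dict, Iterable, List

# Constructed sample of what an fw logexport run might emit; not real data.
SAMPLE_EXPORT = """num;date;time;orig;type;action;src;dst;service;proto;rule
1;20Feb2020;10:15:01;10.0.0.1;log;accept;192.168.1.10;10.20.30.40;http;tcp;12
2;20Feb2020;10:15:02;10.0.0.1;log;drop;192.168.1.11;10.20.30.41;ssh;tcp;99
3;20Feb2020;10:15:03;10.0.0.1;log;accept;192.168.1.12;10.20.30.42;dns;udp;7
"""


def parse_logexport(text: str, delimiter: str = ";") -> List[Dict[str, str]]:
    """Parse header-plus-records export text into a list of dicts."""
    reader = csv.DictReader(io.StringIO(text), delimiter=delimiter)
    return [dict(row) for row in reader]


def _quote(value: str) -> str:
    """Quote values containing whitespace, '=' or '"' so Splunk's KV
    extraction keeps them as one field value."""
    if any(c in value for c in ' \t="'):
        return '"' + value.replace('"', '\\"') + '"'
    return value


def to_kv_event(record: Dict[str, str]) -> str:
    """Render one record as a single-line key=value event, with date and
    time first so timestamp extraction finds them at the event start."""
    ordered = ["date", "time"] + [k for k in record if k not in ("date", "time")]
    return " ".join(f"{k}={_quote(record.get(k) or '')}" for k in ordered)


def write_chunks(events: Iterable[str], out_dir: str, prefix: str,
                 max_bytes: int) -> List[str]:
    """Write events to <prefix>-NNNN.log files, starting a new file when
    the next event would push the current one past max_bytes. A single
    event larger than max_bytes is still written whole (events cannot be
    split). Returns the list of paths written."""
    os.makedirs(out_dir, exist_ok=True)
    paths: List[str] = []
    fh = None
    size = 0
    for event in events:
        data = (event + "\n").encode("utf-8")
        if fh is None or (size > 0 and size + len(data) > max_bytes):
            if fh is not None:
                fh.close()
            path = os.path.join(out_dir, f"{prefix}-{len(paths):04d}.log")
            fh = open(path, "wb")
            paths.append(path)
            size = 0
        fh.write(data)
        size += len(data)
    if fh is not None:
        fh.close()
    return paths


def convert(text: str, out_dir: str, prefix: str = "fw",
            max_bytes: int = 2 * 1024 ** 3, delimiter: str = ";") -> List[str]:
    """Full pipeline: parse export text, render KV events, write chunks."""
    records = parse_logexport(text, delimiter)
    return write_chunks((to_kv_event(r) for r in records), out_dir, prefix, max_bytes)


def demo_split(max_bytes: int) -> int:
    """Convert the constructed sample into a temporary directory with the
    given cap and return how many output files were produced."""
    with tempfile.TemporaryDirectory() as tmp:
        return len(convert(SAMPLE_EXPORT, tmp, max_bytes=max_bytes))


if __name__ == "__main__":
    for rec in parse_logexport(SAMPLE_EXPORT):
        print(to_kv_event(rec))
    print("files at 300-byte cap:", demo_split(300))
```

Point a monitor input at the output directory and, if the date format differs from the constructed sample, set TIME_FORMAT in props.conf for that sourcetype; the converter itself does not depend on any particular date layout.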