FW1-Loggrabber 1.9.2

Description

FW1-Loggrabber is a simple LEA (Log Export API) client for Checkpoint Firewall-1. It was developed to make Firewall-1 logfiles accessible from the command line on any host in the network. Without a LEA client, you can only access the logs with the graphical Checkpoint tools or via the command line directly on the Firewall-1 machine. The primary goal was to automate reports of FW-1 logs with LIRE.

Features of FW1-Loggrabber include the following:

  • Usage of the LEA-Protocol
  • Get logs from both Checkpoint FW-1 4.1 (2000) and Checkpoint FW-1 5.0 (NG)
  • Option to use authenticated and encrypted connection to FW-1 (only available for NG)
  • Option to only show available Logfiles on FW-1 Management Server (only available for NG)
  • Capability to filter log entries according to user-defined rules (only available for NG)
  • Online-Mode feature for command-line-based real-time access to log entries
  • EXPERIMENTAL MySQL-Support (only in Source-Package and Linux-Package)

Prerequisites

for running FW1-Loggrabber:

  • UltraSPARC running Solaris 2.7, Solaris 8 or Solaris 9
  • Intel Processor running Linux with Kernel 2.2 or Kernel 2.4 (tested with SuSE, Red Hat, Debian)
  • Intel Processor running Windows NT or Windows 2000

for compiling FW1-Loggrabber:

Criticism / Improvements

If you have any criticism of FW1-Loggrabber, have found a bug, or miss a feature that should be implemented, don't hesitate to contact me.

Downloads

The downloadable archive of the source code doesn't include the OPSEC SDK. Please download the required SDK for your platform here. Checkpoint's tool for exchanging certificates, which is needed to use authenticated connections, is no longer included in the source and binary archives; it is provided in a separate package.

Current Version:

Old Versions: