All modern operating systems provide extensive logging facilities, and Linux, on which Check Point products are based, is no exception. I am talking here about the SSHD daemon logs, not the security rules logs. The SSHD logs, located in /var/log/, are rotated with a default backlog of 4 log files. I found it very useful to keep SSH access logs for a longer period, especially when the client also has access to the firewall and makes changes on their own. To tune the SSH logging parameters, edit /etc/cpshell/log_rotation.conf (no need to restart anything):

    # File                              max size   backlog
    # By default max size is 65536 bytes and backlog (how many files to retain) is 4;
    # I usually change it to the values below:
    /var/log/messages                   65536      256
    /var/log/routing_messages           64536      256
    /var/log/wtmp                       65536      256
    /var/log/lastlog                    262400     256
    /var/log/secure                     64536      256
    $CPDIR/log/cpstart.log              1048576    4
    # Files after this line will not be shown by log command
    /var/log/CPbackup.elg               64536      4
    /var/CPbackup/log/backup_logs.elg   64536      4
    $FWDIR/log/fwd.elg                  1048576    4
    $FWDIR/log/dtlsd.elg                1048576    4
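
To check that the longer retention is still in place (for example after an upgrade or a restore), the file can be audited with a short script. This is an added example, not part of the original post or of Check Point's tooling; it assumes the three-column format shown above and a shell with awk, and the function names, the sample file and the `rotated_bytes` estimate (max size times backlog, assuming uncompressed full-size copies) are constructed for illustration.

```shell
#!/bin/bash
# Audit a log_rotation.conf-style file: "<file> <max size in bytes> <backlog>".

# Write a constructed sample config (not taken from a real system) to $1.
write_sample_conf() {
    cat > "$1" <<'EOF'
# File max size backlog
/var/log/messages 65536 256
/var/log/secure 64536 4
/var/log/wtmp 65536 256
$CPDIR/log/cpstart.log 1048576 4
EOF
}

# Usage: audit_rotation CONF MIN_BACKLOG FILE...
# Prints one line per watched FILE:
#   OK / SHORT (backlog below MIN_BACKLOG) / MISSING (not listed in CONF).
# Malformed config lines are reported as BADLINE.
audit_rotation() {
    conf=$1; min=$2; shift 2
    awk -v min="$min" -v watch="$*" '
        BEGIN { n = split(watch, w, " ") }
        /^[ \t]*#/ || NF == 0 { next }                  # comments, blank lines
        NF < 3 || $2 !~ /^[0-9]+$/ || $3 !~ /^[0-9]+$/ {
            printf "BADLINE %s\n", $0; next
        }
        { size[$1] = $2; backlog[$1] = $3 }
        END {
            for (i = 1; i <= n; i++) {
                f = w[i]
                if (!(f in backlog)) { printf "MISSING %s\n", f; continue }
                status = (backlog[f] + 0 < min + 0) ? "SHORT" : "OK"
                # rough estimate: max size * backlog, uncompressed copies assumed
                printf "%s %s backlog=%d rotated_bytes=%d\n", \
                    status, f, backlog[f], size[f] * backlog[f]
            }
        }' "$conf"
}

# Demo on the constructed sample; on a gateway, pass the real config path instead.
sample=$(mktemp)
write_sample_conf "$sample"
audit_rotation "$sample" 256 /var/log/secure /var/log/wtmp /var/log/lastlog
rm -f "$sample"
```

Any `SHORT` or `MISSING` line for `/var/log/secure` or `/var/log/wtmp` means SSH access history will roll off sooner than intended.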
Follow me on https://www.linkedin.com/in/yurislobodyanyuk/ not to miss what I publish on Linkedin, Github, blog, and more.