Hi,
I have Checkpoint archived logs stored in a binary format as described here:
http://answers.splunk.com/answers/6490/import-checkpoint-archive-logs.html
Can Splunk parse these files directly somehow?
Instead of using the FW tool to convert them into CSV format and then import them to Splunk.
I want to do that because my logs are much bigger than 2GB and the FW tool can only output 2GB at a time.
Many thanks in advance.
Tim Brewer
Hi Tim,
No, Splunk cannot parse your binary log files. You need to either:
1. Export the logs from the management server using the fw logexport command
2. Set up the OPSEC LEA connector - https://splunkbase.splunk.com/app/1454/
The second option is the recommended approach, as this will give you a continued feed of logs into your Splunk platform for analysis.
HTH.