I'm running VPN-1 UTM and this tricked worked fine.

Looking at the registry, there are several keys under HKEY_LOCAL_MACHINE\SOFTWARE\CheckPoint\FW1\

which look to pertain to whichever version you have installed.

Under the top level key HKEY_LOCAL_MACHINE\SOFTWARE\CheckPoint\FW1\ is a "CurrentVersion" String.

Mine is "6.0" so I navigated to HKEY_LOCAL_MACHINE\SOFTWARE\CheckPoint\FW1\6.0 and created the "FWLOGDIR" string there, restarted the firewall and my logs appeared in the new location specified under "FWLOGDIR".

Below is a note from the old Phoneboy FAQ detailing this tip for earlier versions (and for *nix based Checkpoint firewalls).

FireWall-1 Versions 3.0b-4.0 support modifying (or adding) the following
registry entry (It is of type String):

HKEY_LOCAL_MACHINE\SOFTWARE\CheckPoint\FW1\FWLOGDIR

Specify the full path name to the log directory here.
In 4.1, create the following registry entry:

HKEY_LOCAL_MACHINE\SOFTWARE\CheckPoint\FW1\4.1\FWLOGDIR

Note: this directory must exist. You will need to restart the FireWall-1
service for this to take effect.
On Unix machines, you can symbolically link the $FWDIR/log directory to
another drive. For example:

	fwstop
	mv $FWDIR/log $FWDIR/log.old
	ln -s /path/to/new/logdir $FWDIR/log
	fwstart

Tags: Checkpoint , Firewall , Windows

Return to home page: Home