I’m running VPN-1 UTM and this tricked worked fine.
Looking at the registry, there are several keys under
which look to pertain to whichever version you have installed.
Under the top level key
HKEY_LOCAL_MACHINE\SOFTWARE\CheckPoint\FW1\ is a “CurrentVersion” String.
Mine is “6.0” so I navigated to
HKEY_LOCAL_MACHINE\SOFTWARE\CheckPoint\FW1\6.0 and created the “FWLOGDIR” string there, restarted the firewall and my logs appeared in the new location specified under “FWLOGDIR”.
Below is a note from the old Phoneboy FAQ detailing this tip for earlier versions (and for *nix based Checkpoint firewalls).
FireWall-1 Versions 3.0b-4.0 support modifying (or adding) the following
registry entry (It is of type String):
Specify the full path name to the log directory here.
In 4.1, create the following registry entry:
Note: this directory must exist. You will need to restart the FireWall-1
service for this to take effect.
On Unix machines, you can symbolically link the $FWDIR/log directory to
another drive. For example:
fwstop mv $FWDIR/log $FWDIR/log.old ln -s /path/to/new/logdir $FWDIR/log fwstart