https://community.checkpoint.com/t5/Firewall-and-Security-Management/What-is-best-practice-for-syslog-sending/m-p/169870#M30793 <P>Regarding Syslog for Security &amp; Audit Logs the answer is:</P> <P>sk122323: Log Exporter - Check Point Log Export</P> <P>Weather you configure it in GAiA CLI or SmartConsole depends on the Management version &amp; advanced nature of the config required.</P> <P>&nbsp;</P> <P>The Syslog otherwise configured at the GAiA level is the system/OS logs as different to the above.</P> Wed, 01 Feb 2023 08:39:10 GMT Chris_Atkinson 2023-02-01T08:39:10Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/What-is-best-practice-for-syslog-sending/m-p/169868#M30792 <P>Dear Team,</P><P>&nbsp;</P><P>Hello.</P><P>We are setting a distributed environment&nbsp;with two smart-1 appliances(MGMT-HA) and two quantum appliances(Cluster_XL).</P><P>We need to send syslog to other syslog server.</P><P>In this case, should I configure Gaia or Smartconsole to send syslogs?</P><P>&nbsp;</P><P>And I want to know the difference between syslog that can be sent from Gaia and syslog that can be sent from smartconsole.</P><P>Please let me know if you have any information.</P><P>&nbsp;</P><P>&nbsp;</P> Wed, 01 Feb 2023 08:23:09 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/What-is-best-practice-for-syslog-sending/m-p/169868#M30792 TSOL 2023-02-01T08:23:09Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/What-is-best-practice-for-syslog-sending/m-p/169870#M30793 <P>Regarding Syslog for Security &amp; Audit Logs the answer is:</P> <P>sk122323: Log Exporter - Check Point Log Export</P> <P>Weather you configure it in GAiA CLI or SmartConsole depends on the Management version &amp; advanced nature of the config required.</P> <P>&nbsp;</P> <P>The Syslog otherwise configured at the GAiA level is the system/OS logs as different to the above.</P> Wed, 01 Feb 2023 08:39:10 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/What-is-best-practice-for-syslog-sending/m-p/169870#M30793 Chris_Atkinson 2023-02-01T08:39:10Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/What-is-best-practice-for-syslog-sending/m-p/169872#M30794 <P>Thank you for the reply.</P><P>This SK is set to send syslog from smartconsole, but is checkpoint recommended to send it from smartconsole normally?<BR />Gaia can also send syslogs, but when would you use this?</P><P><SPAN>Please let me know if you have any information.</SPAN></P> Wed, 01 Feb 2023 08:58:48 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/What-is-best-practice-for-syslog-sending/m-p/169872#M30794 TSOL 2023-02-01T08:58:48Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/What-is-best-practice-for-syslog-sending/m-p/169900#M30805 <P>As above security logs come from management.</P> <P>Local OS events direct from the Gateway.</P> Wed, 01 Feb 2023 12:06:12 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/What-is-best-practice-for-syslog-sending/m-p/169900#M30805 Chris_Atkinson 2023-02-01T12:06:12Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/What-is-best-practice-for-syslog-sending/m-p/169930#M30816 <P>You would use it in Info level if you wanted to see DHCP assignments if the gateway is set to act as a DHCP server.&nbsp; You can also scrub for local logins, and any critical or warnings you specifically need.&nbsp; With PCI-DSS, sending these to your syslog servers allows better validation of their questions.&nbsp; It is very satisfying during an audit to say, "Did you check on the syslog infrastructure?&nbsp; It is there."</P> Wed, 01 Feb 2023 14:19:41 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/What-is-best-practice-for-syslog-sending/m-p/169930#M30816 George_Ellis 2023-02-01T14:19:41Z