Syslog not forwarding action

nikufellow — Thu, 06 Apr 2023 11:04:49 GMT

Hi,

We have configured a syslog server on R81.10. The logs are forwarding but do not have action in them . The destination is a rhel server with syslog agent running

Can you please let me know what all need to be checked here

Any pointers appreciated

CEF:0|Check Point|SmartDefense|Check Point|IPS|SIPVicious Security Scanner|High|cp_severity=High cs2Label=Protection ID cs2=asm_dynamic_prop_SC_SIPVICIOUS cs3Label=Protection Type cs3=IPS cs4Label=Protection Name cs4=SIPVicious Security Scanner deviceDirection=2 flexNumber1Label=Confidence flexNumber1=9 flexNumber2Label=Performance Impact flexNumber2=8 flexString2Label=Attack Information flexString2=SIPVicious Security Scanner msg=Scanner Enforcement Violation rt=1680679718000 loguid={0x9fsdf6ec6,0xdsfdb,0xf8cfcb06,0xbsdf99} origin=132.6.99.180 originsicname=CN\=CHN-New-CP-DW-3,O\=PU-MEZ-CHKPTMGMT-01.napesorg.com.qibhes sequencenum=8842 version=3 description_url=SC_SIPVICIOUS_help.html dst=192.168.2.1 product=SmartDefense smartdefense_profile=Optimized src=81.14.123.112

Re: Syslog not forwarding action

Chris_Atkinson — Thu, 06 Apr 2023 12:21:38 GMT

What log exporter settings are you using?

Namely: format, read-mode, protocol, encryption

How else have you verified that the action isn't being sent?

Re: Syslog not forwarding action

PhoneBoy — Thu, 06 Apr 2023 17:45:48 GMT

The action field is not sent with every log.
See: https://support.checkpoint.com/results/sk/sk144192

topic Re: Syslog not forwarding action in General Topics

Syslog not forwarding action

Re: Syslog not forwarding action

Re: Syslog not forwarding action